Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libsodium-1.0.18/builds/msvc/resource.h Examining data/libsodium-1.0.18/builds/msvc/version.h Examining data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c Examining data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/crypto_auth.c Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c Examining data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c Examining data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box.c Examining data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_easy.c Examining data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c Examining data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ristretto255.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/base.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/base2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/constants.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/fe.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/base.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/base2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h Examining data/libsodium-1.0.18/src/libsodium/crypto_core/hchacha20/core_hchacha20.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/hsalsa20/core_hsalsa20.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/hsalsa20/ref2/core_hsalsa20_ref2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_core/salsa/ref/core_salsa_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/generichash_blake2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-load-avx2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-load-sse2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-load-sse41.h Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c Examining data/libsodium-1.0.18/src/libsodium/crypto_generichash/crypto_generichash.c Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/crypto_hash.c Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/hash_sha256.c Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c Examining data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/hash_sha512.c Examining data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c Examining data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c Examining data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.h Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-avx2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-avx512f.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-ref.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blamka-round-ssse3.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.h Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c Examining data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/crypto_scalarmult.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.h Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c Examining data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox.c Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/crypto_shorthash.c Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash_ref.h Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/shorthash_siphash24.c Examining data/libsodium-1.0.18/src/libsodium/crypto_shorthash/siphash24/shorthash_siphashx24.c Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/crypto_sign.c Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/open.c Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign_ed25519_ref10.h Examining data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/sign_ed25519.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u1.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u4.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/dolbeau/u8.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/crypto_stream.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/stream_salsa20.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/stream_salsa20.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6/salsa20_xmm6.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-avx2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-avx2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u4.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/stream_salsa2012.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/stream_salsa208.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c Examining data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c Examining data/libsodium-1.0.18/src/libsodium/crypto_verify/sodium/verify.c Examining data/libsodium-1.0.18/src/libsodium/include/sodium.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/core.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_aes256gcm.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha256.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_box.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_ed25519.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_hchacha20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_hsalsa20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_ristretto255.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_salsa20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_salsa2012.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_core_salsa208.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash_blake2b.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_hash.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_hash_sha256.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_hash_sha512.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_scalarmult_ristretto255.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_shorthash.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_shorthash_siphash24.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_sign.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_sign_ed25519.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_chacha20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa2012.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa208.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xchacha20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xsalsa20.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_verify_16.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_verify_32.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_verify_64.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/export.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/chacha20_ietf_ext.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_25_5.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/implementations.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/mutex.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/private/sse2_64_32.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes_internal_random.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes_sysrandom.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/runtime.h Examining data/libsodium-1.0.18/src/libsodium/include/sodium/utils.h Examining data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c Examining data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c Examining data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c Examining data/libsodium-1.0.18/src/libsodium/sodium/codecs.c Examining data/libsodium-1.0.18/src/libsodium/sodium/core.c Examining data/libsodium-1.0.18/src/libsodium/sodium/runtime.c Examining data/libsodium-1.0.18/src/libsodium/sodium/utils.c Examining data/libsodium-1.0.18/src/libsodium/sodium/version.c Examining data/libsodium-1.0.18/test/default/aead_aes256gcm.c Examining data/libsodium-1.0.18/test/default/aead_aes256gcm2.c Examining data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c Examining data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c Examining data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c Examining data/libsodium-1.0.18/test/default/auth.c Examining data/libsodium-1.0.18/test/default/auth2.c Examining data/libsodium-1.0.18/test/default/auth3.c Examining data/libsodium-1.0.18/test/default/auth5.c Examining data/libsodium-1.0.18/test/default/auth6.c Examining data/libsodium-1.0.18/test/default/auth7.c Examining data/libsodium-1.0.18/test/default/box.c Examining data/libsodium-1.0.18/test/default/box2.c Examining data/libsodium-1.0.18/test/default/box7.c Examining data/libsodium-1.0.18/test/default/box8.c Examining data/libsodium-1.0.18/test/default/box_easy.c Examining data/libsodium-1.0.18/test/default/box_easy2.c Examining data/libsodium-1.0.18/test/default/box_seal.c Examining data/libsodium-1.0.18/test/default/box_seed.c Examining data/libsodium-1.0.18/test/default/chacha20.c Examining data/libsodium-1.0.18/test/default/cmptest.h Examining data/libsodium-1.0.18/test/default/codecs.c Examining data/libsodium-1.0.18/test/default/core1.c Examining data/libsodium-1.0.18/test/default/core2.c Examining data/libsodium-1.0.18/test/default/core3.c Examining data/libsodium-1.0.18/test/default/core4.c Examining data/libsodium-1.0.18/test/default/core5.c Examining data/libsodium-1.0.18/test/default/core6.c Examining data/libsodium-1.0.18/test/default/core_ed25519.c Examining data/libsodium-1.0.18/test/default/core_ristretto255.c Examining data/libsodium-1.0.18/test/default/ed25519_convert.c Examining data/libsodium-1.0.18/test/default/generichash.c Examining data/libsodium-1.0.18/test/default/generichash2.c Examining data/libsodium-1.0.18/test/default/generichash3.c Examining data/libsodium-1.0.18/test/default/hash.c Examining data/libsodium-1.0.18/test/default/hash3.c Examining data/libsodium-1.0.18/test/default/kdf.c Examining data/libsodium-1.0.18/test/default/keygen.c Examining data/libsodium-1.0.18/test/default/kx.c Examining data/libsodium-1.0.18/test/default/metamorphic.c Examining data/libsodium-1.0.18/test/default/misuse.c Examining data/libsodium-1.0.18/test/default/onetimeauth.c Examining data/libsodium-1.0.18/test/default/onetimeauth2.c Examining data/libsodium-1.0.18/test/default/onetimeauth7.c Examining data/libsodium-1.0.18/test/default/pwhash_argon2i.c Examining data/libsodium-1.0.18/test/default/pwhash_argon2id.c Examining data/libsodium-1.0.18/test/default/pwhash_scrypt.c Examining data/libsodium-1.0.18/test/default/pwhash_scrypt_ll.c Examining data/libsodium-1.0.18/test/default/randombytes.c Examining data/libsodium-1.0.18/test/default/scalarmult.c Examining data/libsodium-1.0.18/test/default/scalarmult2.c Examining data/libsodium-1.0.18/test/default/scalarmult5.c Examining data/libsodium-1.0.18/test/default/scalarmult6.c Examining data/libsodium-1.0.18/test/default/scalarmult7.c Examining data/libsodium-1.0.18/test/default/scalarmult8.c Examining data/libsodium-1.0.18/test/default/scalarmult_ed25519.c Examining data/libsodium-1.0.18/test/default/scalarmult_ristretto255.c Examining data/libsodium-1.0.18/test/default/secretbox.c Examining data/libsodium-1.0.18/test/default/secretbox2.c Examining data/libsodium-1.0.18/test/default/secretbox7.c Examining data/libsodium-1.0.18/test/default/secretbox8.c Examining data/libsodium-1.0.18/test/default/secretbox_easy.c Examining data/libsodium-1.0.18/test/default/secretbox_easy2.c Examining data/libsodium-1.0.18/test/default/secretstream.c Examining data/libsodium-1.0.18/test/default/shorthash.c Examining data/libsodium-1.0.18/test/default/sign.c Examining data/libsodium-1.0.18/test/default/siphashx24.c Examining data/libsodium-1.0.18/test/default/sodium_core.c Examining data/libsodium-1.0.18/test/default/sodium_utils.c Examining data/libsodium-1.0.18/test/default/sodium_utils2.c Examining data/libsodium-1.0.18/test/default/sodium_utils3.c Examining data/libsodium-1.0.18/test/default/sodium_version.c Examining data/libsodium-1.0.18/test/default/stream.c Examining data/libsodium-1.0.18/test/default/stream2.c Examining data/libsodium-1.0.18/test/default/stream3.c Examining data/libsodium-1.0.18/test/default/stream4.c Examining data/libsodium-1.0.18/test/default/verify1.c Examining data/libsodium-1.0.18/test/default/xchacha20.c Examining data/libsodium-1.0.18/test/quirks/quirks.h FINAL RESULTS: data/libsodium-1.0.18/test/default/cmptest.h:161:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/libsodium-1.0.18/test/default/cmptest.h:162:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) do { } while(0) data/libsodium-1.0.18/test/default/cmptest.h:208:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/libsodium-1.0.18/test/default/cmptest.h:209:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) fprintf(fp_res, __VA_ARGS__) data/libsodium-1.0.18/test/default/cmptest.h:209:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) fprintf(fp_res, __VA_ARGS__) data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes.h:21:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint32_t (*random)(void); /* required */ data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:25:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #undef random data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:70:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return implementation->random(); data/libsodium-1.0.18/src/libsodium/sodium/core.c:72:9: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&_sodium_lock); data/libsodium-1.0.18/src/libsodium/sodium/core.c:87:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&_sodium_lock); data/libsodium-1.0.18/test/quirks/quirks.h:5:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #undef random data/libsodium-1.0.18/test/quirks/quirks.h:24:1: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(unsigned seed) data/libsodium-1.0.18/test/quirks/quirks.h:26:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/libsodium-1.0.18/test/quirks/quirks.h:30:1: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random(void) data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:56:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char H[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:213:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char padded[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:520:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char H[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:521:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char T[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:522:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char accum[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:523:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char fb[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:526:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(H, ctx->H, sizeof H); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:530:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n2[0], npub, 3 * 4); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:536:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fb[0], &x, sizeof x); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:538:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fb[8], &x, sizeof x); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:586:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char outni[8 * 16]; \ data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:659:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char H[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:660:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char T[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:661:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char accum[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:662:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char fb[16]; data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:670:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n2[0], npub, 3 * 4); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:677:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fb[0], &x, sizeof x); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:679:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fb[8], &x, sizeof x); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:682:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(H, ctx->H, sizeof H); data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:756:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char outni[8 * 16]; \ data/libsodium-1.0.18/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c:1076:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:18:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char _pad0[16] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:33:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:34:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:104:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:178:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:179:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:180:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char computed_mac[crypto_aead_chacha20poly1305_ABYTES]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:258:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:259:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:260:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES]; data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:361:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c:397:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:20:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char _pad0[16] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:35:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:78:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:79:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:80:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:132:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:133:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char npub2[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES, data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:185:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:186:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char npub2[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:190:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES, data/libsodium-1.0.18/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c:259:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_auth/crypto_auth.c:38:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:31:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:40:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[64]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char khash[32]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:84:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ihash[32]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256.c:112:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char correct[32]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:31:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:40:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[128]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char khash[64]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:84:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ihash[64]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c:112:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char correct[64]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:33:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out0[64]; data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:62:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, out0, 32); data/libsodium-1.0.18/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c:87:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char correct[32]; data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_easy.c:26:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_BEFORENMBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_easy.c:79:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_BEFORENMBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:27:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_box_NONCEBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:28:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char epk[crypto_box_PUBLICKEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:29:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char esk[crypto_box_SECRETKEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:35:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, epk, crypto_box_PUBLICKEYBYTES); data/libsodium-1.0.18/src/libsodium/crypto_box/crypto_box_seal.c:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_box_NONCEBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:22:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[64]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:25:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sk, hash, 32); data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:45:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char zero[16] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:46:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:68:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c:125:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:33:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:34:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:35:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:16:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[64]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:19:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sk, hash, 32); data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:39:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char zero[16] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:40:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:75:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c:92:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:84:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[crypto_core_ed25519_HASHBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:119:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:127:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(neg, t_, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:137:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:138:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:145:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:147:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:150:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(comp, t_, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:157:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:158:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:162:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x_, x, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:163:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(y_, y, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:172:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char yn[crypto_core_ed25519_SCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:189:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:191:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, s, sizeof t); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ed25519.c:193:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, t, crypto_core_ed25519_SCALARBYTES); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/core_ristretto255.c:73:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[crypto_core_ristretto255_HASHBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:682:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char aslide[256]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:683:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char bslide[256]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:770:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char e[64]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:863:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char e[64]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:915:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const signed char aslide[253] = { data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1019:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ge25519_has_small_order(const unsigned char s[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1054:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[7] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1085:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1085:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1085:76: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1558:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_muladd(unsigned char s[32], const unsigned char a[32], data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1558:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_muladd(unsigned char s[32], const unsigned char a[32], data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1559:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char b[32], const unsigned char c[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:1559:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char b[32], const unsigned char c[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2061:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2061:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2072:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_invert(unsigned char recip[32], const unsigned char s[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2072:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_invert(unsigned char recip[32], const unsigned char s[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2074:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char _10[32], _100[32], _11[32], _101[32], _111[32], data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2127:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_reduce(unsigned char s[64]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2451:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sc25519_is_canonical(const unsigned char s[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2454:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char L[32] = { data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2529:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ge25519_elligator2(unsigned char s[32], const fe25519 r, const unsigned char x_sign) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2596:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2596:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2601:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, r, 32); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2609:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ge25519_from_hash(unsigned char s[32], const unsigned char h[64]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2609:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ge25519_from_hash(unsigned char s[32], const unsigned char h[64]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2611:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fl[32]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2612:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char gl[32]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2850:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:2850:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]) data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/generichash_blake2.c:52:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h:23:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, sizeof v); data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:80:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(P->salt, salt, BLAKE2B_SALTBYTES); data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(P->personal, personal, BLAKE2B_PERSONALBYTES); data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:208:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block, key, keylen); /* key and keylen cannot be 0 */ data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:254:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block, key, keylen); /* key and keylen cannot be 0 */ data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:270:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S->buf + left, in, fill); /* Fill buffer */ data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:274:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S->buf, S->buf + BLAKE2B_BLOCKBYTES, data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:281:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S->buf + left, in, inlen); data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:294:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[BLAKE2B_OUTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:307:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S->buf, S->buf + BLAKE2B_BLOCKBYTES, S->buflen); data/libsodium-1.0.18/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c:325:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, buffer, outlen); /* outlen <= BLAKE2B_OUTBYTES (64) */ data/libsodium-1.0.18/src/libsodium/crypto_generichash/crypto_generichash.c:88:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c:104:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, state, 32); data/libsodium-1.0.18/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c:184:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->state, sha256_initial_state, sizeof sha256_initial_state); data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, state, 64); data/libsodium-1.0.18/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c:204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->state, sha512_initial_state, sizeof sha512_initial_state); data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:31:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len, data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:33:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char ctx[crypto_kdf_blake2b_CONTEXTBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:34:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char key[crypto_kdf_blake2b_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ctx_padded[crypto_generichash_blake2b_PERSONALBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:37:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_generichash_blake2b_SALTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_kdf/blake2b/kdf_blake2b.c:39:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx_padded, ctx, crypto_kdf_blake2b_CONTEXTBYTES); data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:36:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len, data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:38:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char ctx[crypto_kdf_CONTEXTBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:39:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char key[crypto_kdf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kdf/crypto_kdf.c:46:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:13:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:14:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_kx_SECRETKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:15:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char seed[crypto_kx_SEEDBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:23:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:24:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_kx_SECRETKEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:34:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:35:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:36:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:37:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:38:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char q[crypto_scalarmult_BYTES]; data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:42:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:75:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:76:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:77:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:78:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:79:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char q[crypto_scalarmult_BYTES]; data/libsodium-1.0.18/src/libsodium/crypto_kx/crypto_kx.c:83:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c:68:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c:108:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char correct[16]; data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[poly1305_block_size]; data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h:29:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h:140:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[poly1305_block_size]; data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:35:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_init(poly1305_state_internal_t *st, const unsigned char key[32]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h:136:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c:75:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[poly1305_block_size]; /* 32 bytes */ data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:64:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp, m, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:83:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:88:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, 4); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:93:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, 2); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:103:65: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_init_ext(poly1305_state_internal_t *st, const unsigned char key[32], data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:122:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&t0, key, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:123:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&t1, key + 8, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:140:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&st->pad[0], key + 16, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:141:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&st->pad[1], key + 24, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:803:67: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_finish_ext(poly1305_state_internal_t *st, const unsigned char *m, data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:804:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned long long leftover, unsigned char mac[16]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:809:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. CRYPTO_ALIGN(16) unsigned char final[32] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:848:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&h, &st->pad[0], 16); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:863:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mac[0], &h0, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:864:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mac[8], &h1, 8); data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:870:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. poly1305_finish(poly1305_state_internal_t *st, unsigned char mac[16]) data/libsodium-1.0.18/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c:931:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char correct[16]; data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c:98:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&memory, &base, sizeof memory); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&memory, &base, sizeof memory); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.c:112:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&memory, &aligned, sizeof memory); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-core.h:76:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[U32_STR_MAXSIZE - 1U]; data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:224:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &tmp[i], (sizeof tmp) - i); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:249:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, str, pp_len + 1); \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:256:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[U32_STR_MAXSIZE]; \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c:190:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state, ((instance->region->memory + prev_offset)->v), data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c:195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state, ((instance->region->memory + prev_offset)->v), data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c:189:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state, ((instance->region->memory + prev_offset)->v), data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.c:139:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hash, out, hashlen); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:54:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, out_buffer, crypto_generichash_blake2b_BYTES_MAX / 2); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:60:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in_buffer, out_buffer, crypto_generichash_blake2b_BYTES_MAX); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:64:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, out_buffer, crypto_generichash_blake2b_BYTES_MAX / 2); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:69:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in_buffer, out_buffer, crypto_generichash_blake2b_BYTES_MAX); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/blake2b-long.c:73:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, out_buffer, toproduce); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:182:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:187:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_argon2i_SALTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:213:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:279:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:286:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c:178:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c:183:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_argon2id_SALTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c:209:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:148:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_str(char out[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:157:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:175:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/crypto_pwhash.c:193:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c:183:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, setting, prefixlen + saltlen); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c:71:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state)); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c:75:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(T, U, 32); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c:92:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[i * 32], T, clen); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char setting[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U]; data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:241:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wanted[crypto_pwhash_scryptsalsa208sha256_STRBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c:271:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c:17:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. has_small_order(const unsigned char s[32]) data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[7] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c:9:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _crypto_scalarmult_ed25519_is_inf(const unsigned char s[32]) data/libsodium-1.0.18/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c:24:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _crypto_scalarmult_ed25519_clamp(unsigned char k[32]) data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox.c:64:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:23:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[crypto_stream_salsa20_KEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:89:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c:90:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[crypto_stream_salsa20_KEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:27:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:28:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[crypto_stream_chacha20_KEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:96:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block0[64U]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c:97:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[crypto_stream_chacha20_KEYBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c:31:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[32]; data/libsodium-1.0.18/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c:86:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:24:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char _pad0[16] = { 0 }; data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:37:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:45:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[crypto_secretstream_xchacha20poly1305_HEADERBYTES], data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:46:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:60:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES, data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:70:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char in[crypto_secretstream_xchacha20poly1305_HEADERBYTES], data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:71:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:75:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES, data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:86:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64U]; data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:119:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:186:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64U]; data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:187:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char slen[8U]; data/libsodium-1.0.18/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c:188:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mac[crypto_onetimeauth_poly1305_BYTES]; data/libsodium-1.0.18/src/libsodium/crypto_shorthash/crypto_shorthash.c:31:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c:35:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char seed[32]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c:73:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[crypto_hash_sha512_BYTES]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/keypair.c:79:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curve25519_sk, h, crypto_scalarmult_curve25519_BYTES); data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:39:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:40:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hram[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sig[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:62:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sm, sig, 32); data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:63:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sm + 32 + mlen, sig + 32, 32); data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:76:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c:77:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char t1[32], t2[32]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/open.c:21:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/open.c:22:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rcheck[32]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:14:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char DOM2PREFIX[32 + 2] = { data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:28:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _crypto_sign_ed25519_clamp(unsigned char k[32]) data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:39:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Z[32], data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:40:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char sk[64]) data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:42:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char B[32] = { data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:48:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char zeros[128] = { 0x00 }; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:49:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char empty_labelset[3] = { 0x02, 0x00, 0x00 }; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:70:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char az[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/ref10/sign.c:72:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hram[64]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/sign_ed25519.c:80:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ph[crypto_hash_sha512_BYTES]; data/libsodium-1.0.18/src/libsodium/crypto_sign/ed25519/sign_ed25519.c:92:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ph[crypto_hash_sha512_BYTES]; data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.c:155:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/chacha20/stream_chacha20.c:161:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/crypto_stream.c:46:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:22:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[16]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:23:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kcopy[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:68:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[16]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:69:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c:70:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kcopy[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa20/stream_salsa20.c:72:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:17:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[16]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:19:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kcopy[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:63:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[16]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:64:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012_ref.c:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kcopy[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa2012/stream_salsa2012.c:23:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:17:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[16]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:19:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kcopy[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:63:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[16]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:64:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char block[64]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208_ref.c:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kcopy[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/salsa208/stream_salsa208.c:23:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c:32:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c:49:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; data/libsodium-1.0.18/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_stream_xchacha20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c:11:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c:26:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char subkey[32]; data/libsodium-1.0.18/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c:63:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_aes256gcm.h:60:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opaque[512]; data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_aes256gcm.h:172:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h:89:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h:165:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h:85:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth.h:39:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha256.h:63:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512.h:61:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h:58:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash.h:77:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash_blake2b.h:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opaque[384]; data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_generichash_blake2b.h:111:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:39:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len, data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:41:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char ctx[crypto_kdf_CONTEXTBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:42:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char key[crypto_kdf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf.h:46:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h:34:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len, data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h:36:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char ctx[crypto_kdf_blake2b_CONTEXTBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kdf_blake2b.h:37:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char key[crypto_kdf_blake2b_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:36:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:37:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_kx_SECRETKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:38:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char seed[crypto_kx_SEEDBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:42:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:43:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_kx_SECRETKEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:47:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:48:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:49:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:50:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:51:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:55:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:56:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tx[crypto_kx_SESSIONKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:57:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:58:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_kx.h:59:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth.h:58:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h:20:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opaque[256]; data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h:65:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:116:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:122:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:128:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash.h:134:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h:101:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h:108:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2i.h:114:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h:101:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h:108:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_argon2id.h:114:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h:90:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h:98:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h:111:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox.h:65:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h:50:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:57:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]; data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:58:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES]; data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char _pad[8]; data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:67:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:73:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:74:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:88:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES], data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h:89:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_shorthash.h:34:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream.h:52:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_chacha20.h:56:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_chacha20.h:93:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa20.h:54:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa2012.h:46:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_salsa208.h:49:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xchacha20.h:54:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/crypto_stream_xsalsa20.h:54:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:67:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&w, src, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &w, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&w, src, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:122:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &w, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:139:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&w, src, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:159:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &w, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:178:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&w, src, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/common.h:194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &w, sizeof w); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:109:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int ge25519_has_small_order(const unsigned char s[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:111:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:111:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:113:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ge25519_from_hash(unsigned char s[32], const unsigned char h[64]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:113:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ge25519_from_hash(unsigned char s[32], const unsigned char h[64]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:123:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:123:65: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:130:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:130:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:132:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_reduce(unsigned char s[64]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:134:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_mul(unsigned char s[32], const unsigned char a[32], data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:134:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_mul(unsigned char s[32], const unsigned char a[32], data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:135:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char b[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:137:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_muladd(unsigned char s[32], const unsigned char a[32], data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:137:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void sc25519_muladd(unsigned char s[32], const unsigned char a[32], data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:138:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char b[32], const unsigned char c[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:138:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char b[32], const unsigned char c[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10.h:140:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int sc25519_is_canonical(const unsigned char s[32]); data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_25_5.h:310:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_25_5.h:328:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:215:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/libsodium-1.0.18/src/libsodium/include/sodium/private/ed25519_ref10_fe_51.h:230:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[32]; data/libsodium-1.0.18/src/libsodium/include/sodium/randombytes.h:40:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char seed[randombytes_SEEDBYTES]) data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key[crypto_stream_chacha20_KEYBYTES]; data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:119:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rnd32[16U * INTERNAL_RANDOM_BLOCK_SIZE]; data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:257:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/random", O_RDONLY); data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:296:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(*device, O_RDONLY); data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:353:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fodder[16]; data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:363:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fodder[16]; data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:612:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, &stream.rnd32[stream.rnd32_outleft], sizeof val); data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:162:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char seed[randombytes_SEEDBYTES]) data/libsodium-1.0.18/src/libsodium/randombytes/randombytes.c:164:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char nonce[crypto_stream_chacha20_ietf_NONCEBYTES] = { data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:158:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/random", O_RDONLY); data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:197:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(*device, O_RDONLY); data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:268:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fodder[16]; data/libsodium-1.0.18/src/libsodium/sodium/utils.c:85:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char canary[CANARY_SIZE]; data/libsodium-1.0.18/src/libsodium/sodium/utils.c:138:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fodder[len]; data/libsodium-1.0.18/src/libsodium/sodium/utils.c:593:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unprotected_ptr + unprotected_size, canary, sizeof canary); data/libsodium-1.0.18/src/libsodium/sodium/utils.c:600:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(canary_ptr, canary, sizeof canary); data/libsodium-1.0.18/src/libsodium/sodium/utils.c:601:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(base_ptr, &unprotected_size, sizeof unprotected_size); data/libsodium-1.0.18/src/libsodium/sodium/utils.c:654:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&unprotected_size, base_ptr, sizeof unprotected_size); data/libsodium-1.0.18/src/libsodium/sodium/utils.c:690:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&unprotected_size, base_ptr, sizeof unprotected_size); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:7:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char nonce_hex[crypto_aead_aes256gcm_NPUBBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:11:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char mac_hex[crypto_aead_aes256gcm_ABYTES * 2 + 1]; data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:14:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:18:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char m[MLEN] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:20:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:22:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char ad[ADLEN] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, MLEN); data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:189:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char firstkey[crypto_aead_chacha20poly1305_ietf_KEYBYTES] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:200:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char nonce[crypto_aead_chacha20poly1305_ietf_NPUBBYTES] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:203:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char ad[ADLEN] data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:215:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m, MESSAGE, MLEN); data/libsodium-1.0.18/test/default/aead_chacha20poly1305.c:318:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, MLEN); data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:7:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char nonce_hex[crypto_aead_chacha20poly1305_ietf_NPUBBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:11:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char mac_hex[crypto_aead_chacha20poly1305_ietf_ABYTES * 2 + 1]; data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:14:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char firstkey[crypto_aead_xchacha20poly1305_ietf_KEYBYTES] data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:25:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES] data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:28:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char ad[ADLEN] data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m, MESSAGE, MLEN); data/libsodium-1.0.18/test/default/aead_xchacha20poly1305.c:144:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, MLEN); data/libsodium-1.0.18/test/default/auth.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32] = "Jefe"; data/libsodium-1.0.18/test/default/auth.c:15:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[crypto_auth_BYTES]; data/libsodium-1.0.18/test/default/auth.c:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a2[crypto_auth_hmacsha512_BYTES]; data/libsodium-1.0.18/test/default/auth.c:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a3[crypto_auth_hmacsha512_BYTES]; data/libsodium-1.0.18/test/default/auth2.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32] = { data/libsodium-1.0.18/test/default/auth2.c:12:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[50] = { 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, data/libsodium-1.0.18/test/default/auth2.c:20:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[32]; data/libsodium-1.0.18/test/default/auth3.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32] = { data/libsodium-1.0.18/test/default/auth3.c:12:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[50] = { 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, data/libsodium-1.0.18/test/default/auth3.c:20:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[32] = { 0x37, 0x2e, 0xfc, 0xf9, 0xb4, 0x0b, 0x35, 0xc2, data/libsodium-1.0.18/test/default/auth3.c:28:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a2[crypto_auth_hmacsha256_BYTES]; data/libsodium-1.0.18/test/default/auth5.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32]; data/libsodium-1.0.18/test/default/auth5.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[1000]; data/libsodium-1.0.18/test/default/auth5.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[32]; data/libsodium-1.0.18/test/default/auth6.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32] = "Jefe"; data/libsodium-1.0.18/test/default/auth6.c:9:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[64]; data/libsodium-1.0.18/test/default/auth7.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32]; data/libsodium-1.0.18/test/default/auth7.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[600]; data/libsodium-1.0.18/test/default/auth7.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[64]; data/libsodium-1.0.18/test/default/box.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char alicesk[32] = { data/libsodium-1.0.18/test/default/box.c:11:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char bobpk[32] = { data/libsodium-1.0.18/test/default/box.c:17:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES] = { data/libsodium-1.0.18/test/default/box.c:23:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/box.c:29:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char m[163] = { data/libsodium-1.0.18/test/default/box.c:46:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[163]; data/libsodium-1.0.18/test/default/box.c:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_BEFORENMBYTES]; data/libsodium-1.0.18/test/default/box2.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobsk[32] = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, data/libsodium-1.0.18/test/default/box2.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicepk[32] = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, data/libsodium-1.0.18/test/default/box2.c:17:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES] = { data/libsodium-1.0.18/test/default/box2.c:23:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/box2.c:29:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[163] = { data/libsodium-1.0.18/test/default/box2.c:46:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[163]; data/libsodium-1.0.18/test/default/box2.c:51:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_box_BEFORENMBYTES]; data/libsodium-1.0.18/test/default/box7.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicesk[crypto_box_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/box7.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicepk[crypto_box_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/box7.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobsk[crypto_box_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/box7.c:8:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobpk[crypto_box_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/box7.c:9:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char n[crypto_box_NONCEBYTES]; data/libsodium-1.0.18/test/default/box8.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicesk[crypto_box_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/box8.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicepk[crypto_box_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/box8.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobsk[crypto_box_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/box8.c:8:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobpk[crypto_box_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/box8.c:9:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char n[crypto_box_NONCEBYTES]; data/libsodium-1.0.18/test/default/box_easy.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicesk[32] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, data/libsodium-1.0.18/test/default/box_easy.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobpk[32] = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, data/libsodium-1.0.18/test/default/box_easy.c:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/box_easy.c:22:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[131] = { data/libsodium-1.0.18/test/default/box_easy.c:36:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[147 + crypto_box_MACBYTES]; data/libsodium-1.0.18/test/default/box_easy2.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char small_order_p[crypto_box_PUBLICKEYBYTES] = { data/libsodium-1.0.18/test/default/box_easy2.c:67:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, mlen); data/libsodium-1.0.18/test/default/box_seal.c:8:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[crypto_box_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/box_seal.c:9:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_box_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/box_seal.c:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/box_seal.c:49:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/box_seed.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char seed[32] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, data/libsodium-1.0.18/test/default/box_seed.c:15:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[32]; data/libsodium-1.0.18/test/default/box_seed.c:16:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[32]; data/libsodium-1.0.18/test/default/chacha20.c:22:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key[crypto_stream_chacha20_KEYBYTES]; data/libsodium-1.0.18/test/default/chacha20.c:23:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_stream_chacha20_NONCEBYTES]; data/libsodium-1.0.18/test/default/chacha20.c:25:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[160]; data/libsodium-1.0.18/test/default/chacha20.c:26:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char zero[160]; data/libsodium-1.0.18/test/default/chacha20.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[160 * 2 + 1]; data/libsodium-1.0.18/test/default/chacha20.c:33:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex, data/libsodium-1.0.18/test/default/chacha20.c:109:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key[crypto_stream_chacha20_KEYBYTES]; data/libsodium-1.0.18/test/default/chacha20.c:110:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[crypto_stream_chacha20_IETF_NONCEBYTES]; data/libsodium-1.0.18/test/default/chacha20.c:112:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[160]; data/libsodium-1.0.18/test/default/chacha20.c:113:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char zero[160]; data/libsodium-1.0.18/test/default/chacha20.c:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[160 * 2 + 1]; data/libsodium-1.0.18/test/default/chacha20.c:120:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex, data/libsodium-1.0.18/test/default/cmptest.h:174:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp_res = fopen(TEST_NAME_RES, "w+")) == NULL) { data/libsodium-1.0.18/test/default/cmptest.h:194:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp_out = fopen(TEST_NAME_OUT, "r")) == NULL) { data/libsodium-1.0.18/test/default/codecs.c:7:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf1[1000]; data/libsodium-1.0.18/test/default/codecs.c:8:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[33]; data/libsodium-1.0.18/test/default/codecs.c:9:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf4[4]; data/libsodium-1.0.18/test/default/codecs.c:232:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf1, bin, bin_len); data/libsodium-1.0.18/test/default/core1.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char shared[32] = { 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, data/libsodium-1.0.18/test/default/core1.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char zero[32]; data/libsodium-1.0.18/test/default/core1.c:13:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33, data/libsodium-1.0.18/test/default/core1.c:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32]; data/libsodium-1.0.18/test/default/core2.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, data/libsodium-1.0.18/test/default/core2.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonceprefix[16] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/core2.c:15:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33, data/libsodium-1.0.18/test/default/core2.c:18:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char secondkey[32]; data/libsodium-1.0.18/test/default/core3.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char SECONDKEY[32] = { 0xdc, 0x90, 0x8d, 0xda, 0x0b, 0x93, 0x44, data/libsodium-1.0.18/test/default/core3.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char NONCESUFFIX[8] = { 0x82, 0x19, 0xe0, 0x03, data/libsodium-1.0.18/test/default/core3.c:14:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char C[16] = { 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33, data/libsodium-1.0.18/test/default/core3.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(secondkey, SECONDKEY, 32); data/libsodium-1.0.18/test/default/core3.c:34:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(noncesuffix, NONCESUFFIX, 8); data/libsodium-1.0.18/test/default/core3.c:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, C, 16); data/libsodium-1.0.18/test/default/core4.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char k[32] = { 1, 2, 3, 4, 5, 6, 7, 8, data/libsodium-1.0.18/test/default/core4.c:10:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char in[16] = { 101, 102, 103, 104, 105, 106, 107, 108, data/libsodium-1.0.18/test/default/core4.c:13:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[16] = { 101, 120, 112, 97, 110, 100, 32, 51, data/libsodium-1.0.18/test/default/core4.c:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char out[64]; data/libsodium-1.0.18/test/default/core5.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char k[32] = { 0xee, 0x30, 0x4f, 0xca, 0x27, 0x00, 0x8d, 0x8c, data/libsodium-1.0.18/test/default/core5.c:10:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char in[16] = { data/libsodium-1.0.18/test/default/core5.c:15:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[16] = { 101, 120, 112, 97, 110, 100, 32, 51, data/libsodium-1.0.18/test/default/core5.c:18:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[32]; data/libsodium-1.0.18/test/default/core6.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char k[32] = { 0xee, 0x30, 0x4f, 0xca, 0x27, 0x00, 0x8d, 0x8c, data/libsodium-1.0.18/test/default/core6.c:10:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char in[16] = { data/libsodium-1.0.18/test/default/core6.c:15:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[16] = { 101, 120, 112, 97, 110, 100, 32, 51, data/libsodium-1.0.18/test/default/core6.c:18:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char out[64]; data/libsodium-1.0.18/test/default/core_ed25519.c:4:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char non_canonical_p[32] = { data/libsodium-1.0.18/test/default/core_ed25519.c:8:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char non_canonical_invalid_p[32] = { data/libsodium-1.0.18/test/default/core_ed25519.c:12:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char max_canonical_p[32] = { data/libsodium-1.0.18/test/default/core_ed25519.c:20:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char P[32] = { data/libsodium-1.0.18/test/default/core_ed25519.c:33:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = data/libsodium-1.0.18/test/default/core_ed25519.c:86:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p3, p, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ed25519.c:105:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2, p, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ed25519.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p3, p, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ed25519.c:139:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2, p, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ed25519.c:181:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sc64, sc, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ed25519.c:195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2, p, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ed25519.c:213:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2, p, crypto_core_ed25519_BYTES); data/libsodium-1.0.18/test/default/core_ristretto255.c:112:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char l[crypto_core_ed25519_BYTES] = data/libsodium-1.0.18/test/default/core_ristretto255.c:227:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s4, s1, crypto_core_ristretto255_SCALARBYTES); data/libsodium-1.0.18/test/default/ed25519_convert.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char keypair_seed[crypto_sign_ed25519_SEEDBYTES] = { data/libsodium-1.0.18/test/default/ed25519_convert.c:14:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ed25519_pk[crypto_sign_ed25519_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/ed25519_convert.c:15:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ed25519_skpk[crypto_sign_ed25519_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/ed25519_convert.c:16:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char curve25519_pk[crypto_scalarmult_curve25519_BYTES]; data/libsodium-1.0.18/test/default/ed25519_convert.c:17:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char curve25519_pk2[crypto_scalarmult_curve25519_BYTES]; data/libsodium-1.0.18/test/default/ed25519_convert.c:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES]; data/libsodium-1.0.18/test/default/ed25519_convert.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1]; data/libsodium-1.0.18/test/default/ed25519_convert.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1]; data/libsodium-1.0.18/test/default/generichash.c:1338:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[MAXLEN]; data/libsodium-1.0.18/test/default/generichash.c:1339:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[crypto_generichash_BYTES_MAX]; data/libsodium-1.0.18/test/default/generichash.c:1340:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_generichash_KEYBYTES_MAX]; data/libsodium-1.0.18/test/default/generichash2.c:10:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[MAXLEN]; data/libsodium-1.0.18/test/default/generichash2.c:11:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[crypto_generichash_BYTES_MAX]; data/libsodium-1.0.18/test/default/generichash2.c:12:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_generichash_KEYBYTES_MAX]; data/libsodium-1.0.18/test/default/generichash3.c:10:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_generichash_blake2b_SALTBYTES] data/libsodium-1.0.18/test/default/generichash3.c:13:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char personal[crypto_generichash_blake2b_PERSONALBYTES] data/libsodium-1.0.18/test/default/generichash3.c:16:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[MAXLEN]; data/libsodium-1.0.18/test/default/generichash3.c:17:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[crypto_generichash_blake2b_BYTES_MAX]; data/libsodium-1.0.18/test/default/generichash3.c:18:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_generichash_blake2b_KEYBYTES_MAX]; data/libsodium-1.0.18/test/default/hash.c:10:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char h[crypto_hash_BYTES]; data/libsodium-1.0.18/test/default/hash3.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char h[crypto_hash_BYTES]; data/libsodium-1.0.18/test/default/kdf.c:11:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[crypto_kdf_BYTES_MAX * 2 + 1]; data/libsodium-1.0.18/test/default/kdf.c:18:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context, "KDF test", sizeof "KDF test" -1U); data/libsodium-1.0.18/test/default/kx.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char small_order_p[crypto_scalarmult_BYTES] = { data/libsodium-1.0.18/test/default/kx.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[65]; data/libsodium-1.0.18/test/default/onetimeauth.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char rs[32] = { data/libsodium-1.0.18/test/default/onetimeauth.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[131] = { data/libsodium-1.0.18/test/default/onetimeauth.c:25:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[16]; data/libsodium-1.0.18/test/default/onetimeauth2.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char rs[32] = { data/libsodium-1.0.18/test/default/onetimeauth2.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[131] = { data/libsodium-1.0.18/test/default/onetimeauth2.c:25:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[16] = { 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, data/libsodium-1.0.18/test/default/onetimeauth7.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32]; data/libsodium-1.0.18/test/default/onetimeauth7.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[1000]; data/libsodium-1.0.18/test/default/onetimeauth7.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char a[16]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[256]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_SALTBYTES]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:83:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[256]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[256 * 2 + 1]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:88:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *) passwd, sizeof passwd, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:94:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tests[i].passwd_len, (const unsigned char *) salt, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[256]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:134:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_SALTBYTES]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:135:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[256]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[256 * 2 + 1]; data/libsodium-1.0.18/test/default/pwhash_argon2i.c:140:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *) passwd, sizeof passwd, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:146:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tests[i].passwd_len, (const unsigned char *) salt, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:214:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:216:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:217:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:219:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:241:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[256]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_SALTBYTES]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:83:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[256]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[256 * 2 + 1]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:88:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *) passwd, sizeof passwd, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:94:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tests[i].passwd_len, (const unsigned char *) salt, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[256]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:134:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_SALTBYTES]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:135:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[256]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[256 * 2 + 1]; data/libsodium-1.0.18/test/default/pwhash_argon2id.c:140:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *) passwd, sizeof passwd, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:146:64: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tests[i].passwd_len, (const unsigned char *) salt, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:210:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:212:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:213:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:215:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:237:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salt, ">A 16-bytes salt", crypto_pwhash_argon2id_SALTBYTES); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[256]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:94:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:95:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[256]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[256 * 2 + 1]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:100:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *) passwd, sizeof passwd, data/libsodium-1.0.18/test/default/pwhash_scrypt.c:107:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tests[i].passwdlen, (const unsigned char *) salt, data/libsodium-1.0.18/test/default/pwhash_scrypt.c:142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passwd[256]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:143:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:144:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[256]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_hex[256 * 2 + 1]; data/libsodium-1.0.18/test/default/pwhash_scrypt.c:149:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sodium_hex2bin((unsigned char *) passwd, sizeof passwd, data/libsodium-1.0.18/test/default/pwhash_scrypt.c:156:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tests[i].passwdlen, (const unsigned char *) salt, data/libsodium-1.0.18/test/default/pwhash_scrypt.c:280:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:282:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:283:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:285:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:308:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salt, "[<~A 32-bytes salt for scrypt~>]", data/libsodium-1.0.18/test/default/randombytes.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char x[65536]; data/libsodium-1.0.18/test/default/randombytes.c:32:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char seed[randombytes_SEEDBYTES] = { data/libsodium-1.0.18/test/default/randombytes.c:37:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[100]; data/libsodium-1.0.18/test/default/scalarmult.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char alicesk[crypto_scalarmult_BYTES] = { data/libsodium-1.0.18/test/default/scalarmult.c:11:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char bobsk[crypto_scalarmult_BYTES] = { data/libsodium-1.0.18/test/default/scalarmult.c:17:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char small_order_p[crypto_scalarmult_BYTES] = { data/libsodium-1.0.18/test/default/scalarmult.c:23:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hex[crypto_scalarmult_BYTES * 2 + 1]; data/libsodium-1.0.18/test/default/scalarmult2.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobsk[32] = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, data/libsodium-1.0.18/test/default/scalarmult2.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobpk[32]; data/libsodium-1.0.18/test/default/scalarmult5.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicesk[32] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, data/libsodium-1.0.18/test/default/scalarmult5.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobpk[32] = { 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, data/libsodium-1.0.18/test/default/scalarmult5.c:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char k[32]; data/libsodium-1.0.18/test/default/scalarmult6.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bobsk_[crypto_scalarmult_SCALARBYTES] = { data/libsodium-1.0.18/test/default/scalarmult6.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char alicepk_[crypto_scalarmult_SCALARBYTES] = { data/libsodium-1.0.18/test/default/scalarmult6.c:31:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES); data/libsodium-1.0.18/test/default/scalarmult6.c:32:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES); data/libsodium-1.0.18/test/default/scalarmult7.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char p1[32] = { data/libsodium-1.0.18/test/default/scalarmult7.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char p2[32] = { data/libsodium-1.0.18/test/default/scalarmult7.c:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char scalar[32]; data/libsodium-1.0.18/test/default/scalarmult7.c:18:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char out1[32]; data/libsodium-1.0.18/test/default/scalarmult7.c:19:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char out2[32]; data/libsodium-1.0.18/test/default/scalarmult8.c:6:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char pk_hex[crypto_scalarmult_BYTES * 2 + 1]; data/libsodium-1.0.18/test/default/scalarmult8.c:7:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char sk_hex[crypto_scalarmult_SCALARBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/scalarmult8.c:8:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char shared_hex[crypto_scalarmult_BYTES * 2 + 1]; data/libsodium-1.0.18/test/default/scalarmult8.c:540:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_scalarmult_SCALARBYTES]; data/libsodium-1.0.18/test/default/scalarmult8.c:541:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[crypto_scalarmult_BYTES]; data/libsodium-1.0.18/test/default/scalarmult8.c:542:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char shared[crypto_scalarmult_BYTES]; data/libsodium-1.0.18/test/default/scalarmult8.c:543:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char shared2[crypto_scalarmult_BYTES]; data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:4:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char non_canonical_p[32] = { data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:8:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char non_canonical_invalid_p[32] = { data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:12:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char max_canonical_p[32] = { data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:17:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char B[32] = { data/libsodium-1.0.18/test/default/scalarmult_ed25519.c:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, B, crypto_scalarmult_ed25519_BYTES); data/libsodium-1.0.18/test/default/secretbox.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, data/libsodium-1.0.18/test/default/secretbox.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/secretbox.c:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[163] = { data/libsodium-1.0.18/test/default/secretbox.c:34:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[163]; data/libsodium-1.0.18/test/default/secretbox.c:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, 163); data/libsodium-1.0.18/test/default/secretbox2.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, data/libsodium-1.0.18/test/default/secretbox2.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/secretbox2.c:17:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[163] = { data/libsodium-1.0.18/test/default/secretbox2.c:34:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[163]; data/libsodium-1.0.18/test/default/secretbox7.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char k[crypto_secretbox_KEYBYTES]; data/libsodium-1.0.18/test/default/secretbox7.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char n[crypto_secretbox_NONCEBYTES]; data/libsodium-1.0.18/test/default/secretbox7.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[10000]; data/libsodium-1.0.18/test/default/secretbox7.c:8:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[10000]; data/libsodium-1.0.18/test/default/secretbox7.c:9:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m2[10000]; data/libsodium-1.0.18/test/default/secretbox8.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char k[crypto_secretbox_KEYBYTES]; data/libsodium-1.0.18/test/default/secretbox8.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char n[crypto_secretbox_NONCEBYTES]; data/libsodium-1.0.18/test/default/secretbox8.c:7:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[10000]; data/libsodium-1.0.18/test/default/secretbox8.c:8:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[10000]; data/libsodium-1.0.18/test/default/secretbox8.c:9:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m2[10000]; data/libsodium-1.0.18/test/default/secretbox_easy.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, data/libsodium-1.0.18/test/default/secretbox_easy.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/secretbox_easy.c:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[131] = { data/libsodium-1.0.18/test/default/secretbox_easy.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c + 1, m, 131); data/libsodium-1.0.18/test/default/secretbox_easy.c:65:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, 131); data/libsodium-1.0.18/test/default/secretbox_easy.c:72:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, 131); data/libsodium-1.0.18/test/default/secretbox_easy.c:105:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, 20); data/libsodium-1.0.18/test/default/secretbox_easy.c:113:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, 20); data/libsodium-1.0.18/test/default/secretbox_easy2.c:53:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, m, mlen); data/libsodium-1.0.18/test/default/secretstream.c:54:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m1_, m1, m1_len); data/libsodium-1.0.18/test/default/secretstream.c:56:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m2_, m2, m2_len); data/libsodium-1.0.18/test/default/secretstream.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m3_, m3, m3_len); data/libsodium-1.0.18/test/default/secretstream.c:208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(statesave, state, sizeof *state); data/libsodium-1.0.18/test/default/secretstream.c:218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(csave, c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES); data/libsodium-1.0.18/test/default/secretstream.c:234:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state, statesave, sizeof *state); data/libsodium-1.0.18/test/default/shorthash.c:10:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[MAXLEN]; data/libsodium-1.0.18/test/default/shorthash.c:11:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[crypto_shorthash_BYTES]; data/libsodium-1.0.18/test/default/shorthash.c:12:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_shorthash_KEYBYTES]; data/libsodium-1.0.18/test/default/sign.c:11:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char sk[crypto_sign_SEEDBYTES]; data/libsodium-1.0.18/test/default/sign.c:12:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char pk[crypto_sign_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/sign.c:13:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char sig[crypto_sign_BYTES]; data/libsodium-1.0.18/test/default/sign.c:1044:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char non_canonical_p[32] = { data/libsodium-1.0.18/test/default/sign.c:1051:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char l[32] = data/libsodium-1.0.18/test/default/sign.c:1063:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char extracted_seed[crypto_sign_ed25519_SEEDBYTES]; data/libsodium-1.0.18/test/default/sign.c:1064:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char extracted_pk[crypto_sign_ed25519_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/sign.c:1065:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sig[crypto_sign_BYTES]; data/libsodium-1.0.18/test/default/sign.c:1066:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sm[1024 + crypto_sign_BYTES]; data/libsodium-1.0.18/test/default/sign.c:1067:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char m[1024]; data/libsodium-1.0.18/test/default/sign.c:1068:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char skpk[crypto_sign_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/sign.c:1069:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pk[crypto_sign_PUBLICKEYBYTES]; data/libsodium-1.0.18/test/default/sign.c:1070:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sk[crypto_sign_SECRETKEYBYTES]; data/libsodium-1.0.18/test/default/sign.c:1071:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sig_hex[crypto_sign_BYTES * 2 + 1]; data/libsodium-1.0.18/test/default/sign.c:1072:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pk_hex[crypto_sign_PUBLICKEYBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/sign.c:1073:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sk_hex[crypto_sign_SECRETKEYBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/sign.c:1087:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(skpk, test_data[i].sk, crypto_sign_SEEDBYTES); data/libsodium-1.0.18/test/default/sign.c:1088:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(skpk + crypto_sign_SEEDBYTES, test_data[i].pk, data/libsodium-1.0.18/test/default/sign.c:1090:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (crypto_sign(sm, &smlen, (const unsigned char *)test_data[i].m, i, data/libsodium-1.0.18/test/default/sign.c:1131:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, i, skpk) data/libsodium-1.0.18/test/default/sign.c:1145:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1155:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sm, test_data[i].m, i); data/libsodium-1.0.18/test/default/sign.c:1169:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1179:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1186:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1194:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1199:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, i, skpk) == 0); data/libsodium-1.0.18/test/default/sign.c:1205:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1214:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1223:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const unsigned char *)test_data[i].m, data/libsodium-1.0.18/test/default/sign.c:1233:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_sign_update(&st, (const unsigned char *)test_data[i].m, i); data/libsodium-1.0.18/test/default/sign.c:1239:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_sign_update(&st, (const unsigned char *)test_data[i].m, i); data/libsodium-1.0.18/test/default/sign.c:1244:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_sign_update(&st, (const unsigned char *)test_data[i].m, 0); data/libsodium-1.0.18/test/default/sign.c:1245:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_sign_update(&st, (const unsigned char *)test_data[i].m, i / 2); data/libsodium-1.0.18/test/default/sign.c:1246:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crypto_sign_update(&st, ((const unsigned char *)test_data[i].m) + i / 2, data/libsodium-1.0.18/test/default/sign.c:1266:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sk + crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES, data/libsodium-1.0.18/test/default/siphashx24.c:10:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[MAXLEN]; data/libsodium-1.0.18/test/default/siphashx24.c:11:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[crypto_shorthash_siphashx24_BYTES]; data/libsodium-1.0.18/test/default/siphashx24.c:12:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k[crypto_shorthash_siphashx24_KEYBYTES]; data/libsodium-1.0.18/test/default/sodium_utils.c:7:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf_add[1000]; data/libsodium-1.0.18/test/default/sodium_utils.c:8:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf1[1000]; data/libsodium-1.0.18/test/default/sodium_utils.c:9:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf2[1000]; data/libsodium-1.0.18/test/default/sodium_utils.c:10:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf1_rev[1000]; data/libsodium-1.0.18/test/default/sodium_utils.c:11:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf2_rev[1000]; data/libsodium-1.0.18/test/default/sodium_utils.c:12:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nonce[24]; data/libsodium-1.0.18/test/default/sodium_utils.c:13:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nonce_hex[49]; data/libsodium-1.0.18/test/default/sodium_utils.c:23:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf2, buf1, sizeof buf2); data/libsodium-1.0.18/test/default/sodium_utils.c:71:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf1, buf2, bin_len); data/libsodium-1.0.18/test/default/sodium_utils.c:92:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf2, buf1, bin_len); data/libsodium-1.0.18/test/default/sodium_utils.c:105:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf2, buf1, bin_len); data/libsodium-1.0.18/test/default/stream.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char firstkey[32] = { data/libsodium-1.0.18/test/default/stream.c:13:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char nonce[24] = { data/libsodium-1.0.18/test/default/stream.c:23:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[32]; data/libsodium-1.0.18/test/default/stream2.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char secondkey[32] = { data/libsodium-1.0.18/test/default/stream2.c:13:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char noncesuffix[8] = { data/libsodium-1.0.18/test/default/stream2.c:24:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char h[32]; data/libsodium-1.0.18/test/default/stream3.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, data/libsodium-1.0.18/test/default/stream3.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/stream3.c:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char rs[32]; data/libsodium-1.0.18/test/default/stream4.c:5:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, data/libsodium-1.0.18/test/default/stream4.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, data/libsodium-1.0.18/test/default/stream4.c:16:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char m[163] = { data/libsodium-1.0.18/test/default/stream4.c:33:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char c[163]; data/libsodium-1.0.18/test/default/verify1.c:26:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v16x, v16, 16); data/libsodium-1.0.18/test/default/verify1.c:27:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v32x, v32, 32); data/libsodium-1.0.18/test/default/verify1.c:28:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v64x, v64, 64); data/libsodium-1.0.18/test/default/xchacha20.c:6:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char key[crypto_core_hchacha20_KEYBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:7:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char in[crypto_core_hchacha20_INPUTBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:8:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char out[crypto_core_hchacha20_OUTPUTBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:11:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char small_order_p[crypto_scalarmult_BYTES] = { data/libsodium-1.0.18/test/default/xchacha20.c:84:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char key[crypto_stream_xchacha20_KEYBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:85:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char nonce[crypto_stream_xchacha20_NONCEBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:86:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char out[XCHACHA20_OUT_MAX * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:150:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out2 + 64, out, 64); data/libsodium-1.0.18/test/default/xchacha20.c:193:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char key[crypto_secretbox_xchacha20poly1305_KEYBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:194:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char nonce[crypto_secretbox_xchacha20poly1305_NONCEBYTES * 2 + 1]; data/libsodium-1.0.18/test/default/xchacha20.c:302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[65]; data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:527:1: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(signed char b, signed char c) data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:576:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[0], equal(babs, 1)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:577:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[1], equal(babs, 2)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:578:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[2], equal(babs, 3)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:579:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[3], equal(babs, 4)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:580:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[4], equal(babs, 5)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:581:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[5], equal(babs, 6)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:582:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[6], equal(babs, 7)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:583:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov(t, &precomp[7], equal(babs, 8)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:611:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[0], equal(babs, 1)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:612:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[1], equal(babs, 2)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:613:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[2], equal(babs, 3)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:614:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[3], equal(babs, 4)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:615:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[4], equal(babs, 5)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:616:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[5], equal(babs, 6)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:617:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[6], equal(babs, 7)); data/libsodium-1.0.18/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c:618:40: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. ge25519_cmov_cached(t, &cached[7], equal(babs, 8)); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:99:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cc_len = strlen(prefix); \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:109:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cc_len = strlen(prefix); \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:145:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sodium_base642bin((buf), (max_len), str, strlen(str), NULL, \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:245:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t pp_len = strlen(str); \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c:268:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sb_len = strlen(dst); \ data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/argon2.c:218:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). encoded_len = strlen(encoded); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c:249:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fodder_len = strlen(str); data/libsodium-1.0.18/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c:165:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saltlen = strlen((const char *) salt); data/libsodium-1.0.18/src/libsodium/randombytes/internal/randombytes_internal_random.c:325:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((readnb = read(fd, buf, size)) < (ssize_t) 0 && data/libsodium-1.0.18/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c:135:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((readnb = read(fd, buf, size)) < (ssize_t) 0 && data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3106:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].key_hex) == 2 * crypto_aead_aes256gcm_KEYBYTES); data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3108:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].key_hex, strlen(tests[i].key_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3110:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].nonce_hex) == 2 * crypto_aead_aes256gcm_NPUBBYTES); data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3112:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].nonce_hex, strlen(tests[i].nonce_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3114:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message_len = strlen(tests[i].message_hex) / 2; data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3117:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].message_hex, strlen(tests[i].message_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3119:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ad_len = strlen(tests[i].ad_hex) / 2; data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3122:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].ad_hex, strlen(tests[i].ad_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3127:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].ciphertext_hex) == 2 * message_len); data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3129:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].ciphertext_hex, strlen(tests[i].ciphertext_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3131:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].mac_hex) == 2 * crypto_aead_aes256gcm_ABYTES); data/libsodium-1.0.18/test/default/aead_aes256gcm.c:3133:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].mac_hex, strlen(tests[i].mac_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:202:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].key_hex) == 2 * crypto_aead_aes256gcm_KEYBYTES); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:204:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].key_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:206:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].nonce_hex) == data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:209:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL, data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:212:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message_len = strlen(tests[i].message_hex) / 2; data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:215:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].message_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:217:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ad_len = strlen(tests[i].ad_hex) / 2; data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:219:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_hex2bin(ad, ad_len, tests[i].ad_hex, strlen(tests[i].ad_hex), data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:223:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].detached_ciphertext_hex) == 2 * message_len); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:224:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].mac_hex) == 2 * crypto_aead_aes256gcm_ABYTES); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:226:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].mac_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/aead_aes256gcm2.c:232:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].detached_ciphertext_hex), NULL, NULL, data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:970:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].key_hex) == data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:973:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].key_hex, strlen(tests[i].key_hex), NULL, NULL, data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:976:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].nonce_hex) == data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:979:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL, data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:982:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message_len = strlen(tests[i].message_hex) / 2; data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:985:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].message_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:987:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ad_len = strlen(tests[i].ad_hex) / 2; data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:989:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_hex2bin(ad, ad_len, tests[i].ad_hex, strlen(tests[i].ad_hex), data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:993:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].detached_ciphertext_hex) == 2 * message_len); data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:994:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].mac_hex) == data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:997:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].mac_hex, strlen(tests[i].mac_hex), NULL, NULL, data/libsodium-1.0.18/test/default/aead_chacha20poly13052.c:1004:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].detached_ciphertext_hex), NULL, NULL, data/libsodium-1.0.18/test/default/chacha20.c:34:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].key_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/chacha20.c:36:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].nonce_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/chacha20.c:121:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].key_hex), ": ", NULL, NULL); data/libsodium-1.0.18/test/default/chacha20.c:123:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].nonce_hex), ": ", NULL, NULL); data/libsodium-1.0.18/test/default/cmptest.h:199:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(fp_res)) != fgetc(fp_out)) { data/libsodium-1.0.18/test/default/cmptest.h:199:36: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(fp_res)) != fgetc(fp_out)) { data/libsodium-1.0.18/test/default/codecs.c:29:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, data/libsodium-1.0.18/test/default/codecs.c:36:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL); data/libsodium-1.0.18/test/default/codecs.c:133:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf4, sizeof buf4, b64, strlen(b64), "\n\r ", &bin_len, data/libsodium-1.0.18/test/default/codecs.c:140:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), "\n\r ", &bin_len, data/libsodium-1.0.18/test/default/codecs.c:147:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, &bin_len, data/libsodium-1.0.18/test/default/codecs.c:153:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, data/libsodium-1.0.18/test/default/codecs.c:155:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, data/libsodium-1.0.18/test/default/codecs.c:157:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, data/libsodium-1.0.18/test/default/codecs.c:159:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, data/libsodium-1.0.18/test/default/codecs.c:161:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, data/libsodium-1.0.18/test/default/codecs.c:164:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, data/libsodium-1.0.18/test/default/codecs.c:166:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, data/libsodium-1.0.18/test/default/codecs.c:168:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, data/libsodium-1.0.18/test/default/codecs.c:170:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), NULL, NULL, data/libsodium-1.0.18/test/default/codecs.c:172:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, data/libsodium-1.0.18/test/default/generichash.c:1308:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].key_hex) == 2 * crypto_generichash_KEYBYTES_MAX); data/libsodium-1.0.18/test/default/generichash.c:1310:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].key_hex, strlen(tests[i].key_hex), data/libsodium-1.0.18/test/default/generichash.c:1312:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(tests[i].out_hex) == 2 * crypto_generichash_BYTES_MAX); data/libsodium-1.0.18/test/default/generichash.c:1314:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].out_hex, strlen(tests[i].out_hex), data/libsodium-1.0.18/test/default/generichash.c:1316:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). in_len = strlen(tests[i].in_hex) / 2; data/libsodium-1.0.18/test/default/generichash.c:1318:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_hex2bin(in, in_len, tests[i].in_hex, strlen(tests[i].in_hex), data/libsodium-1.0.18/test/default/pwhash_argon2i.c:89:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:92:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].salt_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:141:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:144:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].salt_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:156:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:160:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:164:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:168:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:172:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 2, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:176:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash(out, 15, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:184:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:214:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:216:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:217:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:219:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:220:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd)); data/libsodium-1.0.18/test/default/pwhash_argon2i.c:242:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2i_str(str_out, passwd, strlen(passwd), OPSLIMIT, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:246:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), OPSLIMIT, data/libsodium-1.0.18/test/default/pwhash_argon2i.c:269:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), data/libsodium-1.0.18/test/default/pwhash_argon2i.c:270:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crypto_pwhash_STRBYTES - strlen(str_out)) != 1 || data/libsodium-1.0.18/test/default/pwhash_argon2i.c:271:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2), data/libsodium-1.0.18/test/default/pwhash_argon2i.c:272:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:275:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != 0) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:279:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:289:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != data/libsodium-1.0.18/test/default/pwhash_argon2i.c:300:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:305:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:310:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:315:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:320:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:325:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:331:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != 0) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:337:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "passwore", strlen("passwore")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:343:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:349:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:355:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:361:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2i.c:411:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(crypto_pwhash_argon2i_strbytes() > strlen(crypto_pwhash_argon2i_strprefix())); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:89:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:92:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].salt_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:141:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:144:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].salt_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:156:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:160:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:164:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:168:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, 2, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:172:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2id(out, 15, "password", strlen("password"), salt, 3, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:180:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(crypto_pwhash_argon2id(out, sizeof out, "password", strlen("password"), salt, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:210:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:212:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:213:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:215:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:216:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd)); data/libsodium-1.0.18/test/default/pwhash_argon2id.c:238:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:242:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT, data/libsodium-1.0.18/test/default/pwhash_argon2id.c:278:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), data/libsodium-1.0.18/test/default/pwhash_argon2id.c:279:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crypto_pwhash_STRBYTES - strlen(str_out)) != 1 || data/libsodium-1.0.18/test/default/pwhash_argon2id.c:280:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2), data/libsodium-1.0.18/test/default/pwhash_argon2id.c:281:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:284:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:287:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:291:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:301:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != 0) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:304:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:314:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:319:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:324:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:329:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:334:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:339:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:344:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != 0) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:349:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "passwore", strlen("passwore")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:354:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:359:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "password", strlen("password")) != -1 || errno != EINVAL) { data/libsodium-1.0.18/test/default/pwhash_argon2id.c:409:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix())); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:101:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, data/libsodium-1.0.18/test/default/pwhash_scrypt.c:104:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].salt_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:150:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, data/libsodium-1.0.18/test/default/pwhash_scrypt.c:153:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests[i].salt_hex), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:280:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:282:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:283:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:285:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); data/libsodium-1.0.18/test/default/pwhash_scrypt.c:287:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out, passwd, strlen(passwd)) != 0) { data/libsodium-1.0.18/test/default/pwhash_scrypt.c:310:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_scryptsalsa208sha256_str(str_out, passwd, strlen(passwd), data/libsodium-1.0.18/test/default/pwhash_scrypt.c:314:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (crypto_pwhash_scryptsalsa208sha256_str(str_out2, passwd, strlen(passwd), data/libsodium-1.0.18/test/default/pwhash_scrypt.c:340:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(passwd)) != 0) { data/libsodium-1.0.18/test/default/pwhash_scrypt.c:344:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(passwd)) != 0) { data/libsodium-1.0.18/test/default/pwhash_scrypt.c:349:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(passwd)) == 0) { data/libsodium-1.0.18/test/default/pwhash_scrypt.c:384:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(crypto_pwhash_scryptsalsa208sha256_strprefix())); data/libsodium-1.0.18/test/default/pwhash_scrypt_ll.c:29:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t passwd_len = strlen(passwd); data/libsodium-1.0.18/test/default/pwhash_scrypt_ll.c:30:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t salt_len = strlen(salt); data/libsodium-1.0.18/test/default/xchacha20.c:48:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->key, strlen(tv->key), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:50:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->in, strlen(tv->in), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:52:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->out, strlen(tv->out), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:120:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->key, strlen(tv->key), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:122:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:124:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->out, strlen(tv->out), NULL, &out_len, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:230:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_len = strlen(tv->m) / 2; data/libsodium-1.0.18/test/default/xchacha20.c:233:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->key, strlen(tv->key), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:235:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:236:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL); data/libsodium-1.0.18/test/default/xchacha20.c:242:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tv->out, strlen(tv->out), NULL, NULL, NULL); ANALYSIS SUMMARY: Hits = 1025 Lines analyzed = 52838 in approximately 4.92 seconds (10729 lines/second) Physical Source Lines of Code (SLOC) = 45151 Hits@level = [0] 713 [1] 193 [2] 818 [3] 9 [4] 5 [5] 0 Hits@level+ = [0+] 1738 [1+] 1025 [2+] 832 [3+] 14 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 38.4931 [1+] 22.7016 [2+] 18.4271 [3+] 0.310071 [4+] 0.11074 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.