Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:36:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, message);
data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:188:7: [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(path + len, fd.cFileName);
data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:547:7: [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(cmdLine, path);
data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:548:7: [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(cmdLine, cmdLineParams);
data/lzma-9.22/C/Threads.c:77:5: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(p);
data/lzma-9.22/C/Threads.h:52:34: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  #define CriticalSection_Enter(p) EnterCriticalSection(p)
data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:262:20: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (-1 != (c = getopt_long(argc, argv, option_string,
data/lzma-9.22/CPP/Windows/DLL.cpp:33:17: [3] (misc) LoadLibraryEx:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  _module = ::LoadLibraryEx(fs2fas(path), NULL, flags);
data/lzma-9.22/CPP/Windows/DLL.cpp:50:17: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  _module = ::LoadLibrary(fs2fas(path));
data/lzma-9.22/CPP/Windows/MemoryLock.cpp:71:21: [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  HMODULE hModule = LoadLibrary(TEXT("Advapi32.dll"));
data/lzma-9.22/C/7zBuf2.c:30:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, p->data, p->pos);
data/lzma-9.22/C/7zBuf2.c:34:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->data + p->pos, buf, size);
data/lzma-9.22/C/7zDec.c:235:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outBuffer, inBuf, curSize);
data/lzma-9.22/C/7zFile.c:48:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->file = fopen(name, writeMode ? "wb+" : "rb");
data/lzma-9.22/C/7zIn.c:1022:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->FileNames.data, sd->Data, namesSize);
data/lzma-9.22/C/7zStream.c:46:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, lookBuf, *size);
data/lzma-9.22/C/7zStream.c:121:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, p->buf + p->pos, rem);
data/lzma-9.22/C/Lzma2Dec.c:161:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->dic + p->dicPos, src, size);
data/lzma-9.22/C/Lzma2Dec.c:319:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, p->decoder.dic + dicPos, outSizeCur);
data/lzma-9.22/C/Lzma2Enc.c:118:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outBuf + destPos, LzmaEnc_GetCurBuf(p->enc) - unpackSize, u);
data/lzma-9.22/C/Lzma86Enc.c:50:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(filteredStream, src, srcLen);
data/lzma-9.22/C/LzmaDec.c:782:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->tempBuf, src, inSize);
data/lzma-9.22/C/LzmaDec.c:870:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, p->dic + dicPos, outSizeCur);
data/lzma-9.22/C/LzmaEnc.c:359:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/lzma-9.22/C/LzmaEnc.c:360:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/lzma-9.22/C/LzmaEnc.c:363:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/lzma-9.22/C/LzmaEnc.c:364:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/lzma-9.22/C/LzmaEnc.c:365:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/lzma-9.22/C/LzmaEnc.c:366:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/lzma-9.22/C/LzmaEnc.c:367:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/lzma-9.22/C/LzmaEnc.c:368:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/lzma-9.22/C/LzmaEnc.c:369:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/lzma-9.22/C/LzmaEnc.c:370:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->reps, p->reps, sizeof(p->reps));
data/lzma-9.22/C/LzmaEnc.c:371:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/lzma-9.22/C/LzmaEnc.c:385:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/lzma-9.22/C/LzmaEnc.c:386:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/lzma-9.22/C/LzmaEnc.c:389:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/lzma-9.22/C/LzmaEnc.c:390:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/lzma-9.22/C/LzmaEnc.c:391:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/lzma-9.22/C/LzmaEnc.c:392:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/lzma-9.22/C/LzmaEnc.c:393:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/lzma-9.22/C/LzmaEnc.c:394:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/lzma-9.22/C/LzmaEnc.c:395:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/lzma-9.22/C/LzmaEnc.c:396:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->reps, p->reps, sizeof(p->reps));
data/lzma-9.22/C/LzmaEnc.c:397:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/lzma-9.22/C/LzmaEnc.c:2109:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->data, data, size);
data/lzma-9.22/C/Ppmd7Dec.c:77:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  #define MASK(sym) ((signed char *)charMask)[sym]
data/lzma-9.22/C/Ppmd7Enc.c:75:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  #define MASK(sym) ((signed char *)charMask)[sym]
data/lzma-9.22/C/Util/7z/7zMain.c:189:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[32];
data/lzma-9.22/C/Util/7z/7zMain.c:205:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/lzma-9.22/C/Util/7z/7zMain.c:386:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char attr[8], s[32], t[32];
data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:27:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(buffer, "\nLZMA Utility " MY_VERSION_COPYRIGHT_DATE "\n" data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:35:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, "\nError: "); data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:43:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer + strlen(buffer), "\nError code: %x\n", (unsigned)val); data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:117:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[LZMA_PROPS_SIZE + 8]; data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:250:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rs[800] = { 0 }; data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:302:7: [2] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. wcscpy(path + pathLen, L"7z"); data/lzma-9.22/C/XzDec.c:141:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest, p->buf + p->bufPos, curSize); data/lzma-9.22/C/XzDec.c:156:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->buf + p->bufTotal, src, curSize); data/lzma-9.22/C/XzDec.c:549:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(filter->props, header + pos, (size_t)size); data/lzma-9.22/C/XzDec.c:725:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->buf + p->pos, src, cur); data/lzma-9.22/C/XzDec.c:759:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->buf + p->pos, src, cur); data/lzma-9.22/C/XzDec.c:843:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->buf + p->pos, src, cur); data/lzma-9.22/C/XzEnc.c:47:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header, XZ_SIG, XZ_SIG_SIZE); data/lzma-9.22/C/XzEnc.c:71:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header + pos, f->props, f->propsSize); data/lzma-9.22/C/XzEnc.c:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 10, XZ_FOOTER_SIG, XZ_FOOTER_SIG_SIZE); data/lzma-9.22/C/XzEnc.c:140:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(blocks, p->blocks, p->numBlocks * sizeof(CXzBlockSizes)); data/lzma-9.22/C/XzIn.c:293:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, p->streams, p->num * sizeof(CXzStream)); data/lzma-9.22/CPP/7zip/Archive/7z/7zHandler.cpp:85:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t s[32]; data/lzma-9.22/CPP/7zip/Archive/7z/7zHandler.cpp:160:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buffer[32]; data/lzma-9.22/CPP/7zip/Archive/7z/7zIn.cpp:320:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, _header, kHeaderSize); data/lzma-9.22/CPP/7zip/Archive/7z/7zIn.cpp:338:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_header, buffer + pos, kHeaderSize); data/lzma-9.22/CPP/7zip/Archive/7z/7zOut.cpp:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, kSignature, kSignatureSize); data/lzma-9.22/CPP/7zip/Archive/7z/7zOut.h:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(_data + _pos, data, size); data/lzma-9.22/CPP/7zip/Archive/LzmaHandler.cpp:266:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[64]; data/lzma-9.22/CPP/7zip/Archive/XzHandler.cpp:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[32]; data/lzma-9.22/CPP/7zip/Archive/XzHandler.cpp:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[32]; data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:425:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[33]; data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:874:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10] = { 0 }; data/lzma-9.22/CPP/7zip/Common/FileStreams.cpp:82:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(data, Buffer + pos, rem); data/lzma-9.22/CPP/7zip/Common/FilterCoder.cpp:105:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_buffer + _bufferPos, data, sizeTemp); data/lzma-9.22/CPP/7zip/Common/FilterCoder.cpp:178:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, _buffer + _convertedPosBegin, sizeTemp); data/lzma-9.22/CPP/7zip/Common/InOutTempBuffer.cpp:62:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_buf + _bufPos, data, cur); data/lzma-9.22/CPP/7zip/Common/StreamBinder.cpp:90:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, _buf, size); data/lzma-9.22/CPP/7zip/Common/StreamObjects.cpp:22:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, _data + (size_t)_pos, rem); data/lzma-9.22/CPP/7zip/Common/StreamObjects.cpp:83:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, (const Byte *)_buffer, _size); data/lzma-9.22/CPP/7zip/Common/StreamObjects.cpp:95:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data, size); data/lzma-9.22/CPP/7zip/Common/StreamObjects.cpp:107:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(_buffer + _pos, data, rem); data/lzma-9.22/CPP/7zip/Common/StreamObjects.cpp:200:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, p + offset, cur); data/lzma-9.22/CPP/7zip/Compress/LzmaDecoder.cpp:238:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, _inBuf + _inPos, curSize); data/lzma-9.22/CPP/7zip/UI/Client7z/Client7z.cpp:632:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t temp[16]; data/lzma-9.22/CPP/7zip/UI/Common/Bench.cpp:220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Buffer + Pos, data, curSize); data/lzma-9.22/CPP/7zip/UI/Common/Bench.cpp:1231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[128]; data/lzma-9.22/CPP/7zip/UI/Common/EnumDirItems.cpp:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + len, (const wchar_t *)name, name.Length() * sizeof(wchar_t)); data/lzma-9.22/CPP/7zip/UI/Common/EnumDirItems.cpp:44:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p + len, (const wchar_t *)s, s.Length() * sizeof(wchar_t)); data/lzma-9.22/CPP/7zip/UI/Common/PropIDUtils.cpp:27:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char g_WinAttrib[17] = "RHS8DAdNTsrCOnE_"; data/lzma-9.22/CPP/7zip/UI/Common/PropIDUtils.cpp:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char kPosixTypes[16] = { '0', 'p', 'c', '3', 'd', '5', 'b', '7', '-', '9', 'l', 'B', 's', 'D', 'E', 'F' }; data/lzma-9.22/CPP/7zip/UI/Common/PropIDUtils.cpp:72:7: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t temp[12]; data/lzma-9.22/CPP/7zip/UI/Common/PropIDUtils.cpp:81:7: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t sz[32]; data/lzma-9.22/CPP/7zip/UI/Common/PropIDUtils.cpp:95:7: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
wchar_t temp[16]; data/lzma-9.22/CPP/7zip/UI/Common/SetProperties.cpp:68:24: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. names.Add((const wchar_t *)realNames[i]); data/lzma-9.22/CPP/7zip/UI/Console/List.cpp:213:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t s[16]; data/lzma-9.22/CPP/7zip/UI/Console/List.cpp:277:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[32]; data/lzma-9.22/CPP/7zip/UI/Console/List.cpp:322:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[8]; data/lzma-9.22/CPP/7zip/UI/Console/List.cpp:361:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t textString[32] = { 0 }; data/lzma-9.22/CPP/7zip/UI/Console/List.cpp:382:7: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t textString[32]; data/lzma-9.22/CPP/7zip/UI/Console/Main.cpp:271:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/lzma-9.22/CPP/7zip/UI/Console/Main.cpp:326:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/lzma-9.22/CPP/7zip/UI/Console/Main.cpp:339:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[32]; data/lzma-9.22/CPP/7zip/UI/Console/Main.cpp:459:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/lzma-9.22/CPP/7zip/UI/Console/PercentPrinter.cpp:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char s[kMaxExtraSize * 3 + 1]; data/lzma-9.22/CPP/7zip/UI/Console/PercentPrinter.cpp:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[32]; data/lzma-9.22/CPP/7zip/UI/Console/PercentPrinter.cpp:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullString[kMaxExtraSize * 3]; data/lzma-9.22/CPP/Common/C_FileIO.cpp:22:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _handle = ::open(name, flags, 0666); data/lzma-9.22/CPP/Common/IntToString.cpp:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[72]; data/lzma-9.22/CPP/Common/IntToString.cpp:31:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t temp[32]; data/lzma-9.22/CPP/Common/MyCom.h:129:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(res, m_str, byteLen); data/lzma-9.22/CPP/Common/MyGuidDef.h:12:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Data4[8]; data/lzma-9.22/CPP/Common/MyString.cpp:95:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[kBufferSize + 1]; data/lzma-9.22/CPP/Common/MyString.cpp:101:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). ::MultiByteToWideChar(CP_ACP, 0, s, numChars, &c, 1); data/lzma-9.22/CPP/Common/MyString.cpp:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[kBufferSize + 1]; data/lzma-9.22/CPP/Common/MyString.cpp:119:5: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). ::MultiByteToWideChar(CP_ACP, 0, s, numChars, &c, 1); data/lzma-9.22/CPP/Common/MyVector.cpp:53:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, _items, _itemSize * numRecordsToMove); data/lzma-9.22/CPP/Common/StdOutStream.cpp:29:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
_stream = fopen(fileName, kFileOpenMode); data/lzma-9.22/CPP/Common/StdOutStream.cpp:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textString[32]; data/lzma-9.22/CPP/Common/StdOutStream.cpp:101:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textString[32]; data/lzma-9.22/CPP/Common/StringConvert.cpp:17:20: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int numChars = MultiByteToWideChar(codePage, 0, srcString, data/lzma-9.22/CPP/Windows/DLL.cpp:67:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR s[MAX_PATH + 2]; data/lzma-9.22/CPP/Windows/Error.cpp:47:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t s[16]; data/lzma-9.22/CPP/Windows/FileDir.cpp:37:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
TCHAR s[MAX_PATH + 2]; data/lzma-9.22/CPP/Windows/FileDir.cpp:60:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR s[MAX_PATH + 2]; data/lzma-9.22/CPP/Windows/FileDir.cpp:349:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR s[MAX_PATH + 2]; data/lzma-9.22/CPP/Windows/FileDir.cpp:411:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR s[MAX_PATH + 2]; data/lzma-9.22/CPP/Windows/FileDir.cpp:456:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR s[MAX_PATH + 2]; data/lzma-9.22/CPP/Windows/PropVariant.cpp:180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(this, pSrc, sizeof(PROPVARIANT)); data/lzma-9.22/CPP/Windows/PropVariant.cpp:190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(pDest, this, sizeof(PROPVARIANT)); data/lzma-9.22/CPP/Windows/PropVariantConversions.cpp:14:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buffer[32]; data/lzma-9.22/CPP/Windows/PropVariantConversions.cpp:21:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buffer[32]; data/lzma-9.22/CPP/Windows/PropVariantConversions.cpp:30:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[16]; data/lzma-9.22/CPP/Windows/PropVariantConversions.cpp:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[32]; data/lzma-9.22/CPP/Windows/Registry.cpp:80:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR buffer[kBufferSize]; data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:37:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buffer, "\n"); data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:43:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(buffer + strlen(buffer), "\nError code: %x\n", (unsigned)val); data/lzma-9.22/C/Util/Lzma/LzmaUtil.c:191:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (numArgs < 3 || numArgs > 4 || strlen(args[1]) != 1) data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:48:28: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = (unsigned)wcslen(s); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:70:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned itemLen = (unsigned)strlen(item); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:177:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = wcslen(path); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:178:3: [1] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant character. wcscpy(path + len, L"*"); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:191:9: [1] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Risk is low because the source is a constant character. wcscat(path, L"\\"); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:293:15: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathLen = wcslen(path); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:305:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wchar_t *s = path + wcslen(path); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:321:9: [1] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant character. wcscat(path, L"\\"); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:322:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathLen = wcslen(path); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:430:36: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = (unsigned)wcslen(name); data/lzma-9.22/C/Util/SfxSetup/SfxSetup.c:531:11: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (wcslen(cmdLineParams) != 0) data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:510:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
return equal(ending.rbegin(), ending.rend(), str.rbegin()); data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:539:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffix_starts_at = filename.length() - strlen (suffix); data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:540:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string from_suffix = filename.substr(suffix_starts_at, strlen (suffix)); data/lzma-9.22/CPP/7zip/Bundles/LzmaCon/lzmp.cpp:662:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0077); data/lzma-9.22/CPP/7zip/Common/FileStreams.cpp:201:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res = read(0, data, (size_t)size); data/lzma-9.22/CPP/7zip/UI/Common/Bench.cpp:1240:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(s + startPos); data/lzma-9.22/CPP/7zip/UI/Common/Bench.cpp:1352:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (unsigned len = (unsigned)strlen(s); len < size; len++) data/lzma-9.22/CPP/7zip/UI/Console/PercentPrinter.cpp:66:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = (unsigned)strlen(s); data/lzma-9.22/CPP/Common/C_FileIO.cpp:65:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
return read(_handle, data, size); data/lzma-9.22/CPP/Common/StdInStream.cpp:101:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c = fgetc(_stream); // getc() doesn't work in BeOS? data/lzma-9.22/CPP/Windows/PropVariant.cpp:76:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). UINT len = (UINT)strlen(s); data/lzma-9.22/CPP/Windows/Registry.cpp:154:38: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (const BYTE * )value, (DWORD)((wcslen(value) + 1) * sizeof(wchar_t)));

ANALYSIS SUMMARY:

Hits = 167
Lines analyzed = 56499 in approximately 1.12 seconds (50466 lines/second)
Physical Source Lines of Code (SLOC) = 46575
Hits@level = [0] 53 [1] 26 [2] 131 [3] 6 [4] 4 [5] 0
Hits@level+ = [0+] 220 [1+] 167 [2+] 141 [3+] 10 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 4.72356 [1+] 3.58561 [2+] 3.02738 [3+] 0.214707 [4+] 0.085883 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.