Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/nsf-2.3.0/win/nmakehlp.c Examining data/nsf-2.3.0/library/mongodb/nsfmongo.c Examining data/nsf-2.3.0/library/mongodb/mongoAPI.h Examining data/nsf-2.3.0/generic/stubs8.5/nsfStubInit.c Examining data/nsf-2.3.0/generic/stubs8.5/nsfDecls.h Examining data/nsf-2.3.0/generic/stubs8.5/nsfIntDecls.h Examining data/nsf-2.3.0/generic/nsfStack.c Examining data/nsf-2.3.0/generic/nsfFunPtrHashTable.c Examining data/nsf-2.3.0/generic/asm/asmExecuteTemplateCallThreading.c Examining data/nsf-2.3.0/generic/asm/nsfAsmExecuteCallThreading.c Examining data/nsf-2.3.0/generic/asm/asmExecuteTemplate.c Examining data/nsf-2.3.0/generic/asm/asmAssembleTemplate.c Examining data/nsf-2.3.0/generic/asm/nsfAsmAssemble.c Examining data/nsf-2.3.0/generic/asm/asmExecuteTemplateLabelThreading.c Examining data/nsf-2.3.0/generic/asm/nsfAsmExecuteLabelThreading.c Examining data/nsf-2.3.0/generic/asm/nsfAssemble.c Examining data/nsf-2.3.0/generic/asm/threaded.c Examining data/nsf-2.3.0/generic/nsfUtil.c Examining data/nsf-2.3.0/generic/nsfPointer.c Examining data/nsf-2.3.0/generic/nsfObj.c Examining data/nsf-2.3.0/generic/predefined.h Examining data/nsf-2.3.0/generic/nsfCompile.c Examining data/nsf-2.3.0/generic/nsf.h Examining data/nsf-2.3.0/generic/nsfAPI.h Examining data/nsf-2.3.0/generic/nsfEnumerationType.c Examining data/nsf-2.3.0/generic/nsfDTrace.h Examining data/nsf-2.3.0/generic/nsfCmdPtr.c Examining data/nsf-2.3.0/generic/aolstub.c Examining data/nsf-2.3.0/generic/nsfStubLib.c Examining data/nsf-2.3.0/generic/nsfAccessInt.h Examining data/nsf-2.3.0/generic/stubs8.6/nsfStubInit.c Examining data/nsf-2.3.0/generic/stubs8.6/nsfDecls.h Examining data/nsf-2.3.0/generic/stubs8.6/nsfIntDecls.h Examining data/nsf-2.3.0/generic/nsfValgrind.c Examining data/nsf-2.3.0/generic/stubs8.7/nsfStubInit.c Examining data/nsf-2.3.0/generic/stubs8.7/nsfDecls.h Examining data/nsf-2.3.0/generic/stubs8.7/nsfIntDecls.h Examining data/nsf-2.3.0/generic/nsfError.c Examining data/nsf-2.3.0/generic/nsfInt.h Examining data/nsf-2.3.0/generic/nsfObjectData.c Examining data/nsf-2.3.0/generic/nsfDebug.c Examining data/nsf-2.3.0/generic/nsf.c Examining data/nsf-2.3.0/generic/nsfCmdDefinitions.c Examining data/nsf-2.3.0/generic/nsfProfile.c Examining data/nsf-2.3.0/generic/nsfShadow.c FINAL RESULTS: data/nsf-2.3.0/generic/nsf.c:22938:58: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. nonnull(1) nonnull(2) nonnull(5) NSF_attribute_format((printf,5,6)); data/nsf-2.3.0/generic/nsf.h:441:55: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. NSF_nonnull(1) NSF_nonnull(3) NSF_attribute_format((printf,3,4)); data/nsf-2.3.0/generic/nsfError.c:106:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. result = vsnprintf(dsPtr->string + offset, (size_t)avail, fmt, argPtrCopy); data/nsf-2.3.0/generic/nsfError.c:168:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. result = vsnprintf(dsPtr->string + offset, (size_t)avail, fmt, argPtrCopy); data/nsf-2.3.0/generic/nsfInt.h:1385:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/nsf-2.3.0/generic/nsfPointer.c:80:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer, size, Tcl_DStringValue(dsPtr), (*counterPtr)++); data/nsf-2.3.0/win/nmakehlp.c:38:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/nsf-2.3.0/win/nmakehlp.c:38:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/nsf-2.3.0/win/nmakehlp.c:237:5: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(cmdline, option); data/nsf-2.3.0/win/nmakehlp.c:371:5: [4] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lstrcat(cmdline, option); data/nsf-2.3.0/win/nmakehlp.c:656:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(szBuffer); data/nsf-2.3.0/win/nmakehlp.c:245:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/nsf-2.3.0/win/nmakehlp.c:245:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/nsf-2.3.0/win/nmakehlp.c:373:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/nsf-2.3.0/win/nmakehlp.c:373:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. ok = CreateProcess( data/nsf-2.3.0/generic/asm/nsfAssemble.c:355:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tov, objv, sizeof(Tcl_Obj *)*(objc)); data/nsf-2.3.0/generic/nsf.c:648:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dlPtr->data, &dlPtr->static_data[0], dlPtr->size * sizeof(dlPtr->data[0])); data/nsf-2.3.0/generic/nsf.c:1007:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pcPtr->full_objv, &pcPtr->objv_static[0], sizeof(Tcl_Obj *) * PARSE_CONTEXT_PREALLOC); data/nsf-2.3.0/generic/nsf.c:1008:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pcPtr->flags, &pcPtr->flags_static[0], sizeof(int) * PARSE_CONTEXT_PREALLOC); data/nsf-2.3.0/generic/nsf.c:1025:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pcPtr->objv + from, source, sizeof(Tcl_Obj *) * (size_t)elts); data/nsf-2.3.0/generic/nsf.c:1197:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tov+2, objv, sizeof(Tcl_Obj *) * ((size_t)objc - 2u)); data/nsf-2.3.0/generic/nsf.c:1253:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tov+3, objv, sizeof(Tcl_Obj *) * ((size_t)objc - 3u)); data/nsf-2.3.0/generic/nsf.c:1554:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tov+2, objv, sizeof(Tcl_Obj *) * (size_t)objc); data/nsf-2.3.0/generic/nsf.c:7474:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; data/nsf-2.3.0/generic/nsf.c:13217:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[30]; data/nsf-2.3.0/generic/nsf.c:13220:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, "substdefault", (size_t)len); data/nsf-2.3.0/generic/nsf.c:13223:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + len + 1, "=0b", 3u); data/nsf-2.3.0/generic/nsf.c:13239:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[10] = "...."; data/nsf-2.3.0/generic/nsf.c:16161:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tov + 3, objv + 1, sizeof(Tcl_Obj *) * ((size_t)objc - 1u)); data/nsf-2.3.0/generic/nsf.c:18886:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ttPtr, trtPtr, sizeof(Tcl_Time)); data/nsf-2.3.0/generic/nsf.c:20204:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)nobjv, cscPtr->objv, sizeof(Tcl_Obj *) * (size_t)methodNameLength); data/nsf-2.3.0/generic/nsf.c:20225:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nobjv + methodNameLength, objv == NULL ? cscPtr->objv : objv, sizeof(Tcl_Obj *) * (size_t)objc); data/nsf-2.3.0/generic/nsf.c:20793:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[LONG_AS_STRING]; data/nsf-2.3.0/generic/nsf.c:23419:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ov, objv, sizeof(Tcl_Obj *) * (size_t)objc); data/nsf-2.3.0/generic/nsf.c:23493:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ov+outputArg, objv+inputArg, sizeof(Tcl_Obj *) * ((size_t)objc - (size_t)inputArg)); data/nsf-2.3.0/generic/nsf.c:27361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trailer[3] = "..."; data/nsf-2.3.0/generic/nsf.c:27362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[NSF_DEBUG_SHOW_BYTES*2u + sizeof(trailer) + 1u]; data/nsf-2.3.0/generic/nsf.c:27742:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. NSF_DTRACE_CONFIGURE_PROBE((char *)Nsf_Configureoption[option-1], data/nsf-2.3.0/generic/nsf.c:32980:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xov+3, objv, sizeof(Tcl_Obj *) * (size_t)objc); data/nsf-2.3.0/generic/nsf.c:33249:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ov+3, trailingObjv, sizeof(Tcl_Obj *) * (size_t)trailingObjc); data/nsf-2.3.0/generic/nsfFunPtrHashTable.c:130:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&existingValue, &hPtr->key.oneWordValue, sizeof(Nsf_AnyFun *)); data/nsf-2.3.0/generic/nsfFunPtrHashTable.c:166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hPtr->key.oneWordValue, &value, sizeof(Nsf_AnyFun *)); data/nsf-2.3.0/generic/nsfInt.h:750:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *methodNames[NSF_s_set_idx+2]; data/nsf-2.3.0/generic/nsfInt.h:753:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char protected[NSF_s_set_idx+2]; data/nsf-2.3.0/generic/nsfObj.c:113:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstMcPtr, srcMcPtr, sizeof(NsfMethodContext)); data/nsf-2.3.0/generic/nsfObj.c:256:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, srcPtr, sizeof(NsfFlag)); data/nsf-2.3.0/generic/nsfObj.c:402:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, srcPtr, sizeof(Mixinreg)); data/nsf-2.3.0/generic/nsfObj.c:685:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, srcPtr, sizeof(Filterreg)); data/nsf-2.3.0/generic/nsfShadow.c:532:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ov+1, objv+1, sizeof(Tcl_Obj *) * ((size_t)objc - 1u)); data/nsf-2.3.0/generic/nsfUtil.c:104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[LONG_AS_STRING], *pointer = &tmp[1], *string, *p; data/nsf-2.3.0/generic/nsfUtil.c:164:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char chartable[255] = {0}; data/nsf-2.3.0/generic/nsfUtil.c:193:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(currentChar, iss->buffer, iss->bufSize); data/nsf-2.3.0/library/mongodb/nsfmongo.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oidhex[25]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:285:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[BSON_DECIMAL128_STRING]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:681:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channelName[80]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:808:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:1286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:1347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:1429:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/nsf-2.3.0/library/mongodb/nsfmongo.c:1511:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(value, O_RDONLY); data/nsf-2.3.0/library/mongodb/nsfmongo.c:1649:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/nsf-2.3.0/win/nmakehlp.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[STATICBUFFERSIZE]; data/nsf-2.3.0/win/nmakehlp.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/nsf-2.3.0/win/nmakehlp.c:188:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/nsf-2.3.0/win/nmakehlp.c:191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[100]; data/nsf-2.3.0/win/nmakehlp.c:231:5: [2] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch "); data/nsf-2.3.0/win/nmakehlp.c:243:5: [2] (buffer) lstrcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. lstrcat(cmdline, " .\\nul"); data/nsf-2.3.0/win/nmakehlp.c:322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[300]; data/nsf-2.3.0/win/nmakehlp.c:325:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[100]; data/nsf-2.3.0/win/nmakehlp.c:365:5: [2] (buffer) lstrcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. lstrcpy(cmdline, "link.exe -nologo "); data/nsf-2.3.0/win/nmakehlp.c:486:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szBuffer[100]; data/nsf-2.3.0/win/nmakehlp.c:488:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "rt"); data/nsf-2.3.0/win/nmakehlp.c:519:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBuffer, p, q - p); data/nsf-2.3.0/win/nmakehlp.c:594:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char szBuffer[1024], szCopy[1024]; data/nsf-2.3.0/win/nmakehlp.c:599:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rt"); data/nsf-2.3.0/win/nmakehlp.c:606:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sp = fopen(substitutions, "rt"); data/nsf-2.3.0/win/nmakehlp.c:653:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBuffer, szCopy, sizeof(szCopy)); data/nsf-2.3.0/win/nmakehlp.c:677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCwd[MAX_PATH + 1]; data/nsf-2.3.0/win/nmakehlp.c:678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTmp[MAX_PATH + 1]; data/nsf-2.3.0/generic/nsf.c:1721:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = string + strlen(string); data/nsf-2.3.0/generic/nsf.c:3672:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objNameLength = strlen(methodName) - strlen(procName) - 2; data/nsf-2.3.0/generic/nsf.c:3672:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objNameLength = strlen(methodName) - strlen(procName) - 2; data/nsf-2.3.0/generic/nsf.c:4810:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLength = (int)strlen(varName); data/nsf-2.3.0/generic/nsf.c:5020:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLength = (int)strlen(varName); data/nsf-2.3.0/generic/nsf.c:6729:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(n); data/nsf-2.3.0/generic/nsf.c:6932:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *n = nameString + strlen(nameString); data/nsf-2.3.0/generic/nsf.c:10702:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ObjStr(guardObj)) > 0) { data/nsf-2.3.0/generic/nsf.c:12670:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(nameString); data/nsf-2.3.0/generic/nsf.c:17599:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(stringTypeOpts[i]) == optionLength) { data/nsf-2.3.0/generic/nsf.c:17704:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(argString); data/nsf-2.3.0/generic/nsf.c:17899:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). converterNameObj = ParamCheckObj(paramPtr->type, strlen(paramPtr->type)); data/nsf-2.3.0/generic/nsf.c:27368:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buffer, trailer, sizeof(buffer) - strlen(buffer) - 1); data/nsf-2.3.0/generic/nsf.c:27368:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buffer, trailer, sizeof(buffer) - strlen(buffer) - 1); data/nsf-2.3.0/generic/nsf.c:29224:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(methodName); data/nsf-2.3.0/generic/nsf.c:29294:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ObjStr(nameObj)) == 0) { data/nsf-2.3.0/generic/nsfInt.h:246:82: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). # define STRING_NEW(target, p, l) {char *tempValue = ckalloc((unsigned)(l)+1u); strncpy((tempValue), (p), (l)+1u); *((tempValue)+(l)) = '\0'; target = tempValue; MEM_COUNT_ALLOC(#target, (target));} data/nsf-2.3.0/generic/nsfPointer.c:122:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(prefix, key, strlen(prefix)) == 0) { data/nsf-2.3.0/generic/nsfUtil.c:67:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen(needle); data/nsf-2.3.0/library/mongodb/nsfmongo.c:396:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int keyLength = (int)strlen(name); data/nsf-2.3.0/library/mongodb/nsfmongo.c:404:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bson_append_utf8(bbPtr, name, keyLength, string, (int)strlen(string)); data/nsf-2.3.0/library/mongodb/nsfmongo.c:1519:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t n = read(fd, iov.iov_base, MONGOC_GRIDFS_READ_CHUNK); data/nsf-2.3.0/library/mongodb/nsfmongo.c:1536:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mongoc_iovec_t iov = { (char *)value, strlen(value) }; data/nsf-2.3.0/win/nmakehlp.c:504:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(match); data/nsf-2.3.0/win/nmakehlp.c:650:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). op += strlen(p->key); ANALYSIS SUMMARY: Hits = 104 Lines analyzed = 57405 in approximately 1.44 seconds (39960 lines/second) Physical Source Lines of Code (SLOC) = 32800 Hits@level = [0] 228 [1] 25 [2] 64 [3] 4 [4] 11 [5] 0 Hits@level+ = [0+] 332 [1+] 104 [2+] 79 [3+] 15 [4+] 11 [5+] 0 Hits/KSLOC@level+ = [0+] 10.122 [1+] 3.17073 [2+] 2.40854 [3+] 0.457317 [4+] 0.335366 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.