Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openocd-0.10.0+g20200819/src/main.c
Examining data/openocd-0.10.0+g20200819/src/rtos/eCos.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_ucos_iii_stackings.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos.h
Examining data/openocd-0.10.0+g20200819/src/rtos/nuttx_header.h
Examining data/openocd-0.10.0+g20200819/src/rtos/hwthread.c
Examining data/openocd-0.10.0+g20200819/src/rtos/nuttx.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_ucos_iii_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/chibios.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_riot_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_ecos_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_chibios_stackings.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_embkernel_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c
Examining data/openocd-0.10.0+g20200819/src/rtos/mqx.c
Examining data/openocd-0.10.0+g20200819/src/rtos/linux_header.h
Examining data/openocd-0.10.0+g20200819/src/rtos/embKernel.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_riot_stackings.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_mqx_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_mqx_stackings.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_ecos_stackings.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_standard_stackings.c
Examining data/openocd-0.10.0+g20200819/src/rtos/linux.c
Examining data/openocd-0.10.0+g20200819/src/rtos/uCOS-III.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_standard_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c
Examining data/openocd-0.10.0+g20200819/src/rtos/riot.c
Examining data/openocd-0.10.0+g20200819/src/rtos/chromium-ec.c
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_chibios_stackings.h
Examining data/openocd-0.10.0+g20200819/src/rtos/rtos_embkernel_stackings.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/cc26xx.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/atsamv.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stm32lx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/numicro.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/lpc2900.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/efm32.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/bluenrg-x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/mdr.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/str9x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/jtagspi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/psoc4.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4l.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/esirisc_flash.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stellaris.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stm32h7x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/xcf.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/non_cfi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stmsmi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/em357.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/virtual.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/dsp5680xx_flash.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/swm050.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/fm3.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/max32xxx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/cfi.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/at91sam7.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stm32l4x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stm32f2x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/sh_qspi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/lpcspifi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/str9xpec.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/aduc702x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stm32f1x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/xmc1xxx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/msp432.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/lpc2000.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/avrf.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/atsame5.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/core.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/tcl.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/faux.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/str7x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/stm32l4x.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/kinetis_ke.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/nrf5.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/spi.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/imp.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/ocl.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/cc26xx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/at91samd.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/cfi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/ambiqmicro.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/cc3220sf.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/fm4.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/bluenrg-x.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/w600.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/driver.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/at91sam3.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/psoc6.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/lpc288x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/mrvlqspi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/aducm360.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/msp432.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/cc3220sf.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/ocl.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/sim3x.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/drivers.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/spi.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/non_cfi.h
Examining data/openocd-0.10.0+g20200819/src/flash/nor/pic32mx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/core.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/renesas_rpchf.c
Examining data/openocd-0.10.0+g20200819/src/flash/nor/ath79.c
Examining data/openocd-0.10.0+g20200819/src/flash/common.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/ecc_kw.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c2440.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c6400.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/nonce.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/mxc.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/arm_io.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c2412.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/mx3.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c24xx_regs.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/fileio.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/orion.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/driver.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/davinci.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/core.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/tcl.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c24xx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c2443.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/at91sam9.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c24xx.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/fileio.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/arm_io.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/imp.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/mx3.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/s3c2410.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/ecc.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/driver.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/nuc910.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/nuc910.h
Examining data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/mxc.c
Examining data/openocd-0.10.0+g20200819/src/flash/nand/core.c
Examining data/openocd-0.10.0+g20200819/src/flash/common.c
Examining data/openocd-0.10.0+g20200819/src/helper/ioutil.h
Examining data/openocd-0.10.0+g20200819/src/helper/jim-nvp.c
Examining data/openocd-0.10.0+g20200819/src/helper/ioutil.c
Examining data/openocd-0.10.0+g20200819/src/helper/time_support_common.c
Examining data/openocd-0.10.0+g20200819/src/helper/configuration.h
Examining data/openocd-0.10.0+g20200819/src/helper/options.c
Examining data/openocd-0.10.0+g20200819/src/helper/ioutil_stubs.c
Examining data/openocd-0.10.0+g20200819/src/helper/jep106.h
Examining data/openocd-0.10.0+g20200819/src/helper/fileio.h
Examining data/openocd-0.10.0+g20200819/src/helper/replacements.h
Examining data/openocd-0.10.0+g20200819/src/helper/util.c
Examining data/openocd-0.10.0+g20200819/src/helper/binarybuffer.c
Examining data/openocd-0.10.0+g20200819/src/helper/command.h
Examining data/openocd-0.10.0+g20200819/src/helper/system.h
Examining data/openocd-0.10.0+g20200819/src/helper/list.h
Examining data/openocd-0.10.0+g20200819/src/helper/bits.h
Examining data/openocd-0.10.0+g20200819/src/helper/configuration.c
Examining data/openocd-0.10.0+g20200819/src/helper/command.c
Examining data/openocd-0.10.0+g20200819/src/helper/fileio.c
Examining data/openocd-0.10.0+g20200819/src/helper/jep106.c
Examining data/openocd-0.10.0+g20200819/src/helper/jim-nvp.h
Examining data/openocd-0.10.0+g20200819/src/helper/util.h
Examining data/openocd-0.10.0+g20200819/src/helper/time_support.c
Examining data/openocd-0.10.0+g20200819/src/helper/types.h
Examining data/openocd-0.10.0+g20200819/src/helper/time_support.h
Examining data/openocd-0.10.0+g20200819/src/helper/binarybuffer.h
Examining data/openocd-0.10.0+g20200819/src/helper/log.c
Examining data/openocd-0.10.0+g20200819/src/helper/log.h
Examining data/openocd-0.10.0+g20200819/src/helper/replacements.c
Examining data/openocd-0.10.0+g20200819/src/hello.h
Examining data/openocd-0.10.0+g20200819/src/server/tcl_server.h
Examining data/openocd-0.10.0+g20200819/src/server/telnet_server.c
Examining data/openocd-0.10.0+g20200819/src/server/tcl_server.c
Examining data/openocd-0.10.0+g20200819/src/server/telnet_server.h
Examining data/openocd-0.10.0+g20200819/src/server/server.h
Examining data/openocd-0.10.0+g20200819/src/server/server_stubs.c
Examining data/openocd-0.10.0+g20200819/src/server/gdb_server.c
Examining data/openocd-0.10.0+g20200819/src/server/gdb_server.h
Examining data/openocd-0.10.0+g20200819/src/server/server.c
Examining data/openocd-0.10.0+g20200819/src/pld/pld.c
Examining data/openocd-0.10.0+g20200819/src/pld/virtex2.c
Examining data/openocd-0.10.0+g20200819/src/pld/pld.h
Examining data/openocd-0.10.0+g20200819/src/pld/virtex2.h
Examining data/openocd-0.10.0+g20200819/src/pld/xilinx_bit.h
Examining data/openocd-0.10.0+g20200819/src/pld/xilinx_bit.c
Examining data/openocd-0.10.0+g20200819/src/jtag/minidummy/jtag_minidriver.h
Examining data/openocd-0.10.0+g20200819/src/jtag/minidummy/minidummy.c
Examining data/openocd-0.10.0+g20200819/src/jtag/interfaces.c
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.h
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.h
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.h
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_port.c
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_interface.h
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_port.h
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_interface.c
Examining data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.c
Examining data/openocd-0.10.0+g20200819/src/jtag/swd.h
Examining data/openocd-0.10.0+g20200819/src/jtag/swim.h
Examining data/openocd-0.10.0+g20200819/src/jtag/swim.c
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_interface.c
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_transport.c
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_interface.h
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_transport.h
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_tcl.h
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_tcl.c
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_layout.h
Examining data/openocd-0.10.0+g20200819/src/jtag/hla/hla_layout.c
Examining data/openocd-0.10.0+g20200819/src/jtag/interfaces.h
Examining data/openocd-0.10.0+g20200819/src/jtag/tcl.h
Examining data/openocd-0.10.0+g20200819/src/jtag/interface.h
Examining data/openocd-0.10.0+g20200819/src/jtag/minidriver.h
Examining data/openocd-0.10.0+g20200819/src/jtag/tcl.c
Examining data/openocd-0.10.0+g20200819/src/jtag/minidriver/minidriver_imp.h
Examining data/openocd-0.10.0+g20200819/src/jtag/interface.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/vsllink.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/ftdi.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink_speed_table.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/bitbang.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/parport.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rshim.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/bcm2835gpio.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink_ep1_cmd.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/gw16012.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/opendous.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/amt_jtagaccel.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink_st7.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_usb_common.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/bitq.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/bitq.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/libusb_helper.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/driver.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/nulink_usb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/remote_bitbang.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/dummy.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/cmsis_dap_usb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/ft232r.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/imx_gpio.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtojtagraw.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoswd.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtopwr.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx_internal.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtogpio.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/versaloon_internal.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/versaloon.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/versaloon.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/versaloon_include.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/osbdm.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/at91rm9200.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/common.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/reg_ezusb.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/usb.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/io.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/main.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/msgtypes.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/delay.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/jtag.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/include/protocol.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/src/delay.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/src/main.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/src/jtag.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/src/protocol.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/OpenULINK/src/usb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_usb_common.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/ulink.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink_dtc_cmd.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/libusb_helper.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/presto.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/ep93xx.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_common.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_common.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/xlnx-pcie-xvc.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast_access_ftdi.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast_access.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast2_access_libusb.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/linuxgpiod.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/minidriver_imp.h
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c
Examining data/openocd-0.10.0+g20200819/src/jtag/drivers/bitbang.c
Examining data/openocd-0.10.0+g20200819/src/jtag/commands.c
Examining data/openocd-0.10.0+g20200819/src/jtag/driver.h
Examining data/openocd-0.10.0+g20200819/src/jtag/adapter.c
Examining data/openocd-0.10.0+g20200819/src/jtag/zy1000/jtag_minidriver.h
Examining data/openocd-0.10.0+g20200819/src/jtag/zy1000/zy1000.c
Examining data/openocd-0.10.0+g20200819/src/jtag/jtag.h
Examining data/openocd-0.10.0+g20200819/src/jtag/core.c
Examining data/openocd-0.10.0+g20200819/src/jtag/commands.h
Examining data/openocd-0.10.0+g20200819/src/openocd.c
Examining data/openocd-0.10.0+g20200819/src/xsvf/xsvf.h
Examining data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c
Examining data/openocd-0.10.0+g20200819/src/transport/transport.c
Examining data/openocd-0.10.0+g20200819/src/transport/transport.h
Examining data/openocd-0.10.0+g20200819/src/target/arm7tdmi.c
Examining data/openocd-0.10.0+g20200819/src/target/x86_32_common.h
Examining data/openocd-0.10.0+g20200819/src/target/cortex_a.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32.c
Examining data/openocd-0.10.0+g20200819/src/target/mips_mips64.h
Examining data/openocd-0.10.0+g20200819/src/target/lakemont.c
Examining data/openocd-0.10.0+g20200819/src/target/armv4_5_mmu.h
Examining data/openocd-0.10.0+g20200819/src/target/feroceon.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_tlb.c
Examining data/openocd-0.10.0+g20200819/src/target/dsp563xx_once.h
Examining data/openocd-0.10.0+g20200819/src/target/avr32_regs.c
Examining data/openocd-0.10.0+g20200819/src/target/arm11.h
Examining data/openocd-0.10.0+g20200819/src/target/target.c
Examining data/openocd-0.10.0+g20200819/src/target/arm720t.c
Examining data/openocd-0.10.0+g20200819/src/target/stm8.h
Examining data/openocd-0.10.0+g20200819/src/target/arm11_dbgtap.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7m.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_dpm.h
Examining data/openocd-0.10.0+g20200819/src/target/arm966e.h
Examining data/openocd-0.10.0+g20200819/src/target/nds32_reg.h
Examining data/openocd-0.10.0+g20200819/src/target/arm_disassembler.h
Examining data/openocd-0.10.0+g20200819/src/target/armv4_5_cache.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_reg.c
Examining data/openocd-0.10.0+g20200819/src/target/avr32_mem.c
Examining data/openocd-0.10.0+g20200819/src/target/arm920t.h
Examining data/openocd-0.10.0+g20200819/src/target/etb.c
Examining data/openocd-0.10.0+g20200819/src/target/avr32_regs.h
Examining data/openocd-0.10.0+g20200819/src/target/aarch64.h
Examining data/openocd-0.10.0+g20200819/src/target/mips32.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v3_common.h
Examining data/openocd-0.10.0+g20200819/src/target/nds32.h
Examining data/openocd-0.10.0+g20200819/src/target/arm720t.h
Examining data/openocd-0.10.0+g20200819/src/target/arm_semihosting.c
Examining data/openocd-0.10.0+g20200819/src/target/arm7_9_common.h
Examining data/openocd-0.10.0+g20200819/src/target/armv4_5.h
Examining data/openocd-0.10.0+g20200819/src/target/arm926ejs.h
Examining data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c
Examining data/openocd-0.10.0+g20200819/src/target/armv8_cache.h
Examining data/openocd-0.10.0+g20200819/src/target/avr32_ap7k.h
Examining data/openocd-0.10.0+g20200819/src/target/mips32_pracc.c
Examining data/openocd-0.10.0+g20200819/src/target/algorithm.h
Examining data/openocd-0.10.0+g20200819/src/target/mips64.c
Examining data/openocd-0.10.0+g20200819/src/target/armv7a_cache.c
Examining data/openocd-0.10.0+g20200819/src/target/mem_ap.c
Examining data/openocd-0.10.0+g20200819/src/target/quark_x10xx.c
Examining data/openocd-0.10.0+g20200819/src/target/avr32_jtag.h
Examining data/openocd-0.10.0+g20200819/src/target/arc_jtag.c
Examining data/openocd-0.10.0+g20200819/src/target/arc.h
Examining data/openocd-0.10.0+g20200819/src/target/mips_m4k.h
Examining data/openocd-0.10.0+g20200819/src/target/trace.c
Examining data/openocd-0.10.0+g20200819/src/target/dsp563xx.h
Examining data/openocd-0.10.0+g20200819/src/target/target_type.h
Examining data/openocd-0.10.0+g20200819/src/target/image.h
Examining data/openocd-0.10.0+g20200819/src/target/xscale.c
Examining data/openocd-0.10.0+g20200819/src/target/mips32_dmaacc.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_cmd.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7a_mmu.c
Examining data/openocd-0.10.0+g20200819/src/target/oocd_trace.h
Examining data/openocd-0.10.0+g20200819/src/target/embeddedice.c
Examining data/openocd-0.10.0+g20200819/src/target/arm7tdmi.h
Examining data/openocd-0.10.0+g20200819/src/target/arc_cmd.h
Examining data/openocd-0.10.0+g20200819/src/target/arc_mem.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_insn.h
Examining data/openocd-0.10.0+g20200819/src/target/arm920t.c
Examining data/openocd-0.10.0+g20200819/src/target/etm_dummy.c
Examining data/openocd-0.10.0+g20200819/src/target/esirisc_jtag.c
Examining data/openocd-0.10.0+g20200819/src/target/armv7a_mmu.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c
Examining data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c
Examining data/openocd-0.10.0+g20200819/src/target/riscv/debug_defines.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/encoding.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/asm.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/riscv.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/program.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/opcodes.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/riscv_semihosting.c
Examining data/openocd-0.10.0+g20200819/src/target/riscv/batch.c
Examining data/openocd-0.10.0+g20200819/src/target/riscv/batch.h
Examining data/openocd-0.10.0+g20200819/src/target/riscv/riscv-011.c
Examining data/openocd-0.10.0+g20200819/src/target/riscv/program.c
Examining data/openocd-0.10.0+g20200819/src/target/riscv/gdb_regs.h
Examining data/openocd-0.10.0+g20200819/src/target/esirisc.h
Examining data/openocd-0.10.0+g20200819/src/target/aarch64.c
Examining data/openocd-0.10.0+g20200819/src/target/breakpoints.c
Examining data/openocd-0.10.0+g20200819/src/target/arc_cmd.c
Examining data/openocd-0.10.0+g20200819/src/target/register.c
Examining data/openocd-0.10.0+g20200819/src/target/esirisc.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_cti.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v3m.h
Examining data/openocd-0.10.0+g20200819/src/target/dsp563xx_once.c
Examining data/openocd-0.10.0+g20200819/src/target/armv7m_trace.h
Examining data/openocd-0.10.0+g20200819/src/target/armv8.h
Examining data/openocd-0.10.0+g20200819/src/target/x86_32_common.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_opcodes.h
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v2.h
Examining data/openocd-0.10.0+g20200819/src/target/trace.h
Examining data/openocd-0.10.0+g20200819/src/target/cortex_m.h
Examining data/openocd-0.10.0+g20200819/src/target/armv8_dpm.h
Examining data/openocd-0.10.0+g20200819/src/target/esirisc_regs.h
Examining data/openocd-0.10.0+g20200819/src/target/fa526.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_jtag.h
Examining data/openocd-0.10.0+g20200819/src/target/mips_mips64.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v3.h
Examining data/openocd-0.10.0+g20200819/src/target/mips_m4k.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_aice.c
Examining data/openocd-0.10.0+g20200819/src/target/dsp5680xx.c
Examining data/openocd-0.10.0+g20200819/src/target/etb.h
Examining data/openocd-0.10.0+g20200819/src/target/dsp5680xx.h
Examining data/openocd-0.10.0+g20200819/src/target/armv8_opcodes.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_jtag.c
Examining data/openocd-0.10.0+g20200819/src/target/avrt.h
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v3.c
Examining data/openocd-0.10.0+g20200819/src/target/mips64.h
Examining data/openocd-0.10.0+g20200819/src/target/esirisc_jtag.h
Examining data/openocd-0.10.0+g20200819/src/target/arm946e.h
Examining data/openocd-0.10.0+g20200819/src/target/image.c
Examining data/openocd-0.10.0+g20200819/src/target/cortex_m.c
Examining data/openocd-0.10.0+g20200819/src/target/target_request.h
Examining data/openocd-0.10.0+g20200819/src/target/stm8.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_semihosting.h
Examining data/openocd-0.10.0+g20200819/src/target/mips_ejtag.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7m.h
Examining data/openocd-0.10.0+g20200819/src/target/armv4_5.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_aice.h
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v2.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_cmd.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_cti.h
Examining data/openocd-0.10.0+g20200819/src/target/arc_jtag.h
Examining data/openocd-0.10.0+g20200819/src/target/arm7_9_common.c
Examining data/openocd-0.10.0+g20200819/src/target/armv4_5_cache.h
Examining data/openocd-0.10.0+g20200819/src/target/arm926ejs.c
Examining data/openocd-0.10.0+g20200819/src/target/algorithm.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_tap_mohor.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_tap.h
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_tap_vjtag.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.h
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_du.h
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_tap_xilinx_bscan.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_du_adv.c
Examining data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7m_trace.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c
Examining data/openocd-0.10.0+g20200819/src/target/ls1_sap.c
Examining data/openocd-0.10.0+g20200819/src/target/testee.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_adi_v5.h
Examining data/openocd-0.10.0+g20200819/src/target/mips32_dmaacc.h
Examining data/openocd-0.10.0+g20200819/src/target/armv8_opcodes.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7a_cache.h
Examining data/openocd-0.10.0+g20200819/src/target/target_request.c
Examining data/openocd-0.10.0+g20200819/src/target/register.h
Examining data/openocd-0.10.0+g20200819/src/target/arm9tdmi.h
Examining data/openocd-0.10.0+g20200819/src/target/dsp563xx.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.h
Examining data/openocd-0.10.0+g20200819/src/target/oocd_trace.c
Examining data/openocd-0.10.0+g20200819/src/target/esirisc_trace.c
Examining data/openocd-0.10.0+g20200819/src/target/breakpoints.h
Examining data/openocd-0.10.0+g20200819/src/target/armv8_dpm.c
Examining data/openocd-0.10.0+g20200819/src/target/adi_v5_swd.c
Examining data/openocd-0.10.0+g20200819/src/target/mips_ejtag.c
Examining data/openocd-0.10.0+g20200819/src/target/armv4_5_mmu.c
Examining data/openocd-0.10.0+g20200819/src/target/arc_mem.h
Examining data/openocd-0.10.0+g20200819/src/target/embeddedice.h
Examining data/openocd-0.10.0+g20200819/src/target/target.h
Examining data/openocd-0.10.0+g20200819/src/target/arm_dpm.c
Examining data/openocd-0.10.0+g20200819/src/target/armv8_cache.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v3_common.c
Examining data/openocd-0.10.0+g20200819/src/target/avrt.c
Examining data/openocd-0.10.0+g20200819/src/target/semihosting_common.c
Examining data/openocd-0.10.0+g20200819/src/target/arm.h
Examining data/openocd-0.10.0+g20200819/src/target/lakemont.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7a.h
Examining data/openocd-0.10.0+g20200819/src/target/arm_simulator.h
Examining data/openocd-0.10.0+g20200819/src/target/mips32.h
Examining data/openocd-0.10.0+g20200819/src/target/etm_dummy.h
Examining data/openocd-0.10.0+g20200819/src/target/armv8.c
Examining data/openocd-0.10.0+g20200819/src/target/esirisc_trace.h
Examining data/openocd-0.10.0+g20200819/src/target/xscale.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7a_cache_l2x.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_edm.h
Examining data/openocd-0.10.0+g20200819/src/target/arm11.c
Examining data/openocd-0.10.0+g20200819/src/target/cortex_a.h
Examining data/openocd-0.10.0+g20200819/src/target/armv7a.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_adi_v5.c
Examining data/openocd-0.10.0+g20200819/src/target/mips64_pracc.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_simulator.c
Examining data/openocd-0.10.0+g20200819/src/target/avr32_mem.h
Examining data/openocd-0.10.0+g20200819/src/target/arm9tdmi.c
Examining data/openocd-0.10.0+g20200819/src/target/semihosting_common.h
Examining data/openocd-0.10.0+g20200819/src/target/mips32_pracc.h
Examining data/openocd-0.10.0+g20200819/src/target/adi_v5_dapdirect.c
Examining data/openocd-0.10.0+g20200819/src/target/quark_d20xx.c
Examining data/openocd-0.10.0+g20200819/src/target/etm.c
Examining data/openocd-0.10.0+g20200819/src/target/arm_dap.c
Examining data/openocd-0.10.0+g20200819/src/target/hla_target.c
Examining data/openocd-0.10.0+g20200819/src/target/avr32_ap7k.c
Examining data/openocd-0.10.0+g20200819/src/target/mips64_pracc.h
Examining data/openocd-0.10.0+g20200819/src/target/smp.c
Examining data/openocd-0.10.0+g20200819/src/target/arm966e.c
Examining data/openocd-0.10.0+g20200819/src/target/avr32_jtag.c
Examining data/openocd-0.10.0+g20200819/src/target/adi_v5_jtag.c
Examining data/openocd-0.10.0+g20200819/src/target/arm946e.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_v3m.c
Examining data/openocd-0.10.0+g20200819/src/target/armv7a_cache_l2x.h
Examining data/openocd-0.10.0+g20200819/src/target/smp.h
Examining data/openocd-0.10.0+g20200819/src/target/arc.c
Examining data/openocd-0.10.0+g20200819/src/target/etm.h
Examining data/openocd-0.10.0+g20200819/src/target/arm11_dbgtap.c
Examining data/openocd-0.10.0+g20200819/src/target/nds32_tlb.h
Examining data/openocd-0.10.0+g20200819/src/hello.c
Examining data/openocd-0.10.0+g20200819/src/svf/svf.c
Examining data/openocd-0.10.0+g20200819/src/svf/svf.h
Examining data/openocd-0.10.0+g20200819/src/openocd.h
Examining data/openocd-0.10.0+g20200819/contrib/libdcc/dcc_stdio.c
Examining data/openocd-0.10.0+g20200819/contrib/libdcc/example.c
Examining data/openocd-0.10.0+g20200819/contrib/libdcc/dcc_stdio.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/main.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/startup.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/flash.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/hw_regs.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/flashloader.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/flashloader.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/flash.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/bluenrg-x/bluenrg-x_write.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/dcc.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/main.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/samflash.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/samflash.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/dcc.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/samregs.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/ocl.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/at91sam7x/platform.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/driverlib.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/startup_msp432e4.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/main_msp432e4x.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/driverlib.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/msp432p401x.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/MSP432P4_FlashLibIf.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/main_msp432p401x.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/startup_msp432p4.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/main_msp432p411x.c
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/MSP432E4_FlashLibIf.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/msp432e4x.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/msp432/msp432p411x.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/flash/fm4/fm4.h
Examining data/openocd-0.10.0+g20200819/contrib/loaders/debug/xscale/protocol.h
Examining data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c
Examining data/openocd-0.10.0+g20200819/contrib/itmdump.c
Examining data/openocd-0.10.0+g20200819/contrib/rtos-helpers/uCOS-III-openocd.c
Examining data/openocd-0.10.0+g20200819/contrib/rtos-helpers/FreeRTOS-openocd.c
FINAL RESULTS:
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:51:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4.c:2599:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buf_size,
data/openocd-0.10.0+g20200819/src/flash/nor/esirisc_flash.c:496:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buf_size,
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2131:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, kinetis_types_old[idx].name);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2615:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(k_chip->name, sizeof(k_chip->name), name, flash_marking);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2794:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buf_size,
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis_ke.c:1179:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void) snprintf(buf, buf_size,
data/openocd-0.10.0+g20200819/src/flash/nor/max32xxx.c:810:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (1 != sscanf(CMD_ARGV[1], "0x%"SCNx32, &addr)) {
data/openocd-0.10.0+g20200819/src/flash/nor/max32xxx.c:818:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (1 != sscanf(CMD_ARGV[2], "0x%"SCNx32, &len)) {
data/openocd-0.10.0+g20200819/src/flash/nor/max32xxx.c:866:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (1 != sscanf(CMD_ARGV[1], "0x%"SCNx32, &addr)) {
data/openocd-0.10.0+g20200819/src/flash/nor/max32xxx.c:874:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (1 != sscanf(CMD_ARGV[2], "0x%"SCNx32, &len)) {
data/openocd-0.10.0+g20200819/src/flash/nor/msp432.c:943:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, bank->name);
data/openocd-0.10.0+g20200819/src/flash/nor/msp432.c:989:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
printed = snprintf(buf, buf_size,
data/openocd-0.10.0+g20200819/src/flash/nor/msp432.c:994:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
printed = snprintf(buf, buf_size,
data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c:1590:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(info_bootflash_addr_str, sizeof(info_bootflash_addr_str),
data/openocd-0.10.0+g20200819/src/flash/nor/psoc4.c:887:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
printed = snprintf(buf, buf_size, "Family id mismatch 0x%02" PRIx16
data/openocd-0.10.0+g20200819/src/flash/nor/stellaris.c:517:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf,
data/openocd-0.10.0+g20200819/src/flash/nor/virtual.c:182:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buf_size, "%s driver for flash bank %s at " TARGET_ADDR_FMT,
data/openocd-0.10.0+g20200819/src/helper/command.c:539:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, c->name);
data/openocd-0.10.0+g20200819/src/helper/command.c:544:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, dstr);
data/openocd-0.10.0+g20200819/src/helper/command.c:545:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, c->name);
data/openocd-0.10.0+g20200819/src/helper/command.h:37:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTF_ATTRIBUTE_FORMAT printf
data/openocd-0.10.0+g20200819/src/helper/fileio.c:37:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum fileio_access access;
data/openocd-0.10.0+g20200819/src/helper/fileio.c:61:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
switch (fileio->access) {
data/openocd-0.10.0+g20200819/src/helper/fileio.c:96:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((fileio->access != FILEIO_WRITE) || (fileio->access == FILEIO_READWRITE)) {
data/openocd-0.10.0+g20200819/src/helper/log.c:361:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(NULL, 0, fmt, ap_copy);
data/openocd-0.10.0+g20200819/src/helper/log.c:373:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, len + 1, fmt, ap);
data/openocd-0.10.0+g20200819/src/helper/log.h:36:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTF_ATTRIBUTE_FORMAT printf
data/openocd-0.10.0+g20200819/src/helper/options.c:176:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(relpath, to);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:221:6: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl(param->adapter_name, param->adapter_name, (char *)0) < 0) {
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.c:103:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s.%s", pTap->chip, pTap->tapname);
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:792:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/openocd-0.10.0+g20200819/src/jtag/drivers/at91rm9200.c:173:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(at91rm9200_device, CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1286:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, tmp);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1449:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(CMD_ARGV[0], "%" SCNd8, &tmp) != 1) {
data/openocd-0.10.0+g20200819/src/jtag/drivers/opendous.c:828:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:183:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/openocd-0.10.0+g20200819/src/jtag/drivers/parport.c:429:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parport_cable, CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:138:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len += sprintf(&h->write_buffer[len], PACKET_END "%02x", cksum);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:236:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int cmd_len = snprintf(h->write_buffer, h->max_packet, PACKET_START "%s", cmd);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:244:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
size_t cmd_len = sprintf(h->write_buffer, PACKET_START "qRcmd,");
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:538:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cmd, sizeof(cmd), "x%" PRIx32 ",%" PRIx32, addr, len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:565:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size_t cmd_len = snprintf(h->write_buffer, h->max_packet, PACKET_START "X%" PRIx32 ",%" PRIx32 ":", addr, len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/vsllink.c:889:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, s);
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_tcl.c:107:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s.%s", pTap->chip, pTap->tapname);
data/openocd-0.10.0+g20200819/src/jtag/tcl.c:563:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s.%s", pTap->chip, pTap->tapname);
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:226:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details->thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:369:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details[tasks_found].thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:376:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details[tasks_found].extra_info_str,
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:533:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*info, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:324:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details->thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:386:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details[tasks_found].thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:412:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtos->thread_details[tasks_found].extra_info_str, "State: %s", state_desc);
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:363:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details->extra_info_str, tmp_thread_extra_info);
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:367:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details->thread_name_str, tmp_thread_name);
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:426:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curr_thrd_details->thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:447:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(curr_thrd_details->extra_info_str, "State: %s", state_desc);
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:177:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details->thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:238:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details[tasks_found].thread_name_str, tmp_str);
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:265:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rtos->thread_details[tasks_found].extra_info_str, "State: %s", state_desc);
data/openocd-0.10.0+g20200819/src/rtos/hwthread.c:354:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "Hg%16" SCNx64, ¤t_threadid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1066:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmp_str += sprintf(tmp_str, "%016" PRIx64, temp->threadid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1101:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmp_strr += sprintf(tmp_strr, "%016" PRIx64, temp->threadid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1109:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmp_strr, "%016" PRIx64, temp->threadid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1131:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "qThreadExtraInfo,%" SCNx64, &threadid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1146:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tmp_str_ptr += sprintf(tmp_str_ptr, "%s",
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1149:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tmp_str_ptr += sprintf(tmp_str_ptr, "%s", pid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1152:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str_ptr, "%s", name);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1153:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp_str_ptr, "%s", temp->name);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1177:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "T%" SCNx64, &threadid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1273:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "Hg%16" SCNx64, ¤t_gdb_thread_rq);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1284:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "Hc%16" SCNx64, ¤t_gdb_thread_rq);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1489:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1495:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp,
data/openocd-0.10.0+g20200819/src/rtos/mqx.c:430:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rtos->thread_details[i].thread_name_str, (void *)task_name);
data/openocd-0.10.0+g20200819/src/rtos/mqx.c:442:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(rtos->thread_details[i].extra_info_str, extra_info_length,
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:311:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "qThreadExtraInfo,%" SCNx64, &threadid);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:339:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tmp_str_ptr += sprintf(tmp_str_ptr, "Name: %s", detail->thread_name_str);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:343:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
tmp_str_ptr += sprintf(tmp_str_ptr, "%s", detail->extra_info_str);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:380:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tmp_str += sprintf(tmp_str, "%c%016" PRIx64, i == 0 ? 'm' : ',',
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:408:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size = snprintf(buffer, 19, "QC%016" PRIx64, target->rtos->current_thread);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:416:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "T%" SCNx64, &threadid);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:435:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(packet, "Hg%16" SCNx64, &threadid);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:803:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 "/%" PRIx64 ",%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:809:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:812:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 ",%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:817:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 ",%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:822:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 ",%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:827:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 "/%" PRIx64 ",%" PRIx64 "/%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:833:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 "/%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:837:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 "/%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:842:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:846:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 ",%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:850:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:853:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "F%s,%" PRIx64 "/%" PRIx64, target->fileio_info->identifier,
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:860:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fileio_command, "W%02" PRIx64, target->fileio_info->param_1);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:1771:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(*xml + *pos, *size - *pos, fmt, ap);
data/openocd-0.10.0+g20200819/src/svf/svf.c:266:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(prbuf, msbits <= 4 ? "0x%01"PRIx8 : "0x%02"PRIx8, msb);
data/openocd-0.10.0+g20200819/src/svf/svf.c:268:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len += sprintf(prbuf + len, "%02"PRIx8, buf[j]);
data/openocd-0.10.0+g20200819/src/target/arc.c:1477:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ap_amv_reg_name, 24, "ap_amv%" PRIu32, ap_num);
data/openocd-0.10.0+g20200819/src/target/arc.c:1478:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ap_amm_reg_name, 24, "ap_amm%" PRIu32, ap_num);
data/openocd-0.10.0+g20200819/src/target/arc.c:1479:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ap_ac_reg_name, 24, "ap_ac%" PRIu32, ap_num);
data/openocd-0.10.0+g20200819/src/target/arc.c:1488:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(ap_ac_reg_name, 24, "ap_ac%" PRIu32, ap_num);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:300:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:372:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:747:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%cXT%s%s\tr%d, r%d%s",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:753:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%cXTA%s%s\tr%d, r%d, r%d%s",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:819:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s%s\tr%d, r%d, r%d", prefix, op, COND(opcode),
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:863:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "PKH%s%s\tr%d, r%d, r%d, %s #%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:884:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%cSAT%s\tr%d, #%d, r%d, %s #%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:905:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SML%cD%s%s\tr%d, r%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:914:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SMU%cD%s%s\tr%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:924:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SML%cLD%s%s\tr%d, r%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:949:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SMML%c%s%s\tr%d, r%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:958:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SMMUL%s%s\tr%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:972:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%cSAT16%s\tr%d, #%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:990:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SEL%s\tr%d, r%d, r%d", COND(opcode),
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:998:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "USAD8%s\tr%d, r%d, r%d", COND(opcode),
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1003:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "USADA8%s\tr%d, r%d, r%d, r%d", COND(opcode),
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1014:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s\tr%d, r%d", mnemonic, COND(opcode), rm, rd);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1367:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1695:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2109:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2436:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2591:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2619:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2725:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2743:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2764:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text, 128,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3054:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "%s\t%#8.8" PRIx32, inst, address);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3090:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "B%s.W\t%#8.8" PRIx32,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3184:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, mnemonic);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3215:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, mnemonic);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3245:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "MSR\t%s, r%d", special_name(opcode & 0xff),
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3257:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "MRS\tr%d, %s", (int) (opcode >> 8) & 0x0f,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3402:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s\tr%d, #%d\t; %#8.8x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3405:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s%s\tr%d, r%d, #%d\t; %#8.8x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3457:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%sSAT\tr%d, #%d, r%d, %s #%d\t",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3470:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%sBFX\tr%d, r%d, #%d, #%d\t",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3491:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%d, r%d, #%d\t; %#3.3x", mnemonic,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3504:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "ADR.W\tr%d, %#8.8" PRIx32, rd, address);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3561:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "STR%s.W\tr%d, [r%d, r%d, LSL #%d]",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3568:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "STR%s.W\tr%d, [r%d, #%u]\t; %#3.3x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3594:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "STR%s%s\tr%d, [r%d%s, #%s%u%s\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3645:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%c%sL\tr%d, r%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3685:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "SRS%s\tsp%s, #%d", mode,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3693:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "RFE%s\tr%d%s", mode,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3698:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "STM.W\tr%d%s, ", rn, t ? "!" : "");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3704:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDM.W\tr%d%s, ", rn, t ? "!" : "");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3710:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "STMDB\tr%d%s, ", rn, t ? "!" : "");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3713:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDMDB.W\tr%d%s, ", rn, t ? "!" : "");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3725:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "r%d%s", t, registers ? ", " : "");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3814:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%u, r%u, [r%u, #%u]\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3817:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%u, r%u, [r%u]",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3824:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%u, [r%u, #%u]\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3827:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%u, [r%u]",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3843:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%u, r%u, [r%u%s, #%s%u%s\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3856:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "%s\tr%u, r%u, %#8.8" PRIx32,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3899:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "MOV%s.W\tr%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3914:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "RRX%s\tr%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3991:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s.W\tr%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4021:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, ", %s #%d", suffix, immed ? immed : 32);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4025:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s.W\tr%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4030:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s.W\tr%d, r%d, #%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4063:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s%s.W\tr%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4086:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%cXT%c.W\tr%d, r%d%s",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4124:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4149:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "LDR\tr%d, %#8.8" PRIx32,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4200:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDR\tr%d, [r%d%s, #%s%u%s\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4231:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "PLD\tr%d, %#8.8" PRIx32,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4243:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "LDRB\tr%d, %#8.8" PRIx32,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4261:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "PLD%s\t[r%d, #%d]\t; %#6.6x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4281:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "%s\tr%d, [r%d%s, #%d%s\t; %#8.8x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4323:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "PLI\t%#8.8" PRIx32, address);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4334:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "LDRSB\t%#8.8" PRIx32, address);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4416:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cp, "LDR%sH\tr%d, %#8.8" PRIx32,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4424:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDR%sH.W\tr%d, [r%d, r%d, LSL #%d]",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4430:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDR%sHT\tr%d, [r%d, #%d]\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4450:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDR%sH\tr%d, [r%d%s, #%d%s\t; %#8.8x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4459:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cp, "LDR%sH%s\tr%d, [r%d, #%d]\t; %#6.6x",
data/openocd-0.10.0+g20200819/src/target/image.c:161:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(&lpszLine[bytes_read], ":%2" SCNx32 "%4" SCNx32 "%2" SCNx32, &count,
data/openocd-0.10.0+g20200819/src/target/image.c:254:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%2" SCNx32, &dummy);
data/openocd-0.10.0+g20200819/src/target/image.c:290:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%8" SCNx32, &start_address);
data/openocd-0.10.0+g20200819/src/target/image.c:304:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%2" SCNx32, &checksum);
data/openocd-0.10.0+g20200819/src/target/image.c:567:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(&lpszLine[bytes_read], "S%1" SCNx32 "%2" SCNx32, &record_type,
data/openocd-0.10.0+g20200819/src/target/image.c:590:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%4" SCNx32, &address);
data/openocd-0.10.0+g20200819/src/target/image.c:599:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%6" SCNx32, &address);
data/openocd-0.10.0+g20200819/src/target/image.c:609:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%8" SCNx32, &address);
data/openocd-0.10.0+g20200819/src/target/image.c:651:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%2" SCNx32, &dummy);
data/openocd-0.10.0+g20200819/src/target/image.c:676:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(&lpszLine[bytes_read], "%2" SCNx32, &checksum);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2016:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command_sequence, command_str);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2040:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command_str, "write_misc %s 0x%" PRIx32 ";", reg_name, code);
data/openocd-0.10.0+g20200819/src/target/nds32_cmd.c:872:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(data_str, "0x%08" PRIx32, edm_sr_value);
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:173:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:189:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:292:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:308:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:324:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:423:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:439:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:995:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1010:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1025:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1050:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1065:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1080:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1276:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1285:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1300:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1324:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1348:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1357:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1372:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1381:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1394:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1407:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1420:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1436:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1453:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1470:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1487:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1501:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1515:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1529:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1543:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1557:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1570:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1583:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1596:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1609:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1624:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1633:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1647:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1663:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1678:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1692:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1706:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1720:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1736:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1745:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1760:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1769:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1784:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1793:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1808:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1817:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1846:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1859:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1872:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1885:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1899:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1915:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1929:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1941:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1955:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1971:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:1987:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2003:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2017:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2030:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2043:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2056:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2069:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2081:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2093:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2106:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2120:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2135:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2149:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2163:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2177:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2191:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2205:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2219:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2233:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2247:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2261:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2302:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2313:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2326:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2333:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2350:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2357:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2367:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2375:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2385:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2392:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2414:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2426:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2447:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2458:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2469:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2480:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2491:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2502:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2513:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2524:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2559:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2572:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2584:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2596:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2608:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2621:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2634:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2672:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2694:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2706:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2724:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2735:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2747:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2775:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2784:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2793:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2804:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2866:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2878:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2890:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2897:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2911:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2918:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2931:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2945:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2960:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2971:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2979:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2987:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:2995:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3003:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3011:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3021:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3031:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3055:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3063:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3078:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3086:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3136:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3203:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3249:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3279:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3293:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3347:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3359:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3372:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3379:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3397:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3405:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3416:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3424:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3435:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3452:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3475:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3486:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3497:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3508:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3524:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3531:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3542:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3551:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3564:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3649:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3687:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3703:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3718:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3726:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3734:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3742:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3750:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.c:3758:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(instruction->text,
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:349:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "%s=%d", description[i].name, value);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:351:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, description[i].name);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1831:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fmt, "M[0x%" TARGET_PRIxADDR "] %ss 0x%%0%d" PRIx64,
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1952:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (dmi_read(target, &access, DMI_SBCS) != ERROR_OK)
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1956:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBACCESS, size/2);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1957:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBSINGLEREAD, 1);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1958:55: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
LOG_DEBUG("\r\nread_memory: sab: access: 0x%08x", access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1959:32: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
dmi_write(target, DMI_SBCS, access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1974:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (dmi_read(target, &access, DMI_SBCS) != ERROR_OK)
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1980:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBACCESS, size/2);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1981:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBAUTOREAD, 1);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1982:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBSINGLEREAD, 1);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1983:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBAUTOINCREMENT, 1);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1984:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
LOG_DEBUG("\r\naccess: 0x%08x", access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1985:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
dmi_write(target, DMI_SBCS, access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2438:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBACCESS, size/2);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2439:31: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
dmi_write(target, DMI_SBCS, access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2440:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
LOG_DEBUG("\r\naccess: 0x%08" PRIx64, access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2449:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBACCESS, size/2);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2450:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBAUTOINCREMENT, 1);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2451:41: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
LOG_DEBUG("\r\naccess: 0x%08" PRIx64, access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2452:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
dmi_write(target, DMI_SBCS, access);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2484:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access = set_field(access, DMI_SBCS_SBAUTOINCREMENT, 0);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:2485:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
dmi_write(target, DMI_SBCS, access);
data/openocd-0.10.0+g20200819/src/target/semihosting_common.c:1076:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
semihosting->result = system(
data/openocd-0.10.0+g20200819/src/target/target.c:674:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "ocd_process_reset %s", n->name);
data/openocd-0.10.0+g20200819/src/target/target.c:3211:18: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
output_len += snprintf(output + output_len,
data/openocd-0.10.0+g20200819/src/target/target.c:3232:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
output_len += snprintf(output + output_len,
data/openocd-0.10.0+g20200819/src/target/x86_32_common.c:1390:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
output_len += snprintf(output + output_len,
data/openocd-0.10.0+g20200819/contrib/itmdump.c:375:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "f:d:")) != EOF) {
data/openocd-0.10.0+g20200819/src/helper/configuration.c:149:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *home = getenv("HOME");
data/openocd-0.10.0+g20200819/src/helper/configuration.c:154:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("USERPROFILE");
data/openocd-0.10.0+g20200819/src/helper/configuration.c:159:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *drive = getenv("HOMEDRIVE");
data/openocd-0.10.0+g20200819/src/helper/configuration.c:160:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *path = getenv("HOMEPATH");
data/openocd-0.10.0+g20200819/src/helper/log.c:288:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *debug_env = getenv("OPENOCD_DEBUG_LEVEL");
data/openocd-0.10.0+g20200819/src/helper/options.c:111:13: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
exepath = realpath(path, NULL);
data/openocd-0.10.0+g20200819/src/helper/options.c:119:13: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
exepath = realpath("/proc/self/exe", NULL); /* Linux/Cygwin */
data/openocd-0.10.0+g20200819/src/helper/options.c:121:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
exepath = realpath("/proc/self/path/a.out", NULL); /* Solaris */
data/openocd-0.10.0+g20200819/src/helper/options.c:123:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
exepath = realpath("/proc/curproc/file", NULL); /* FreeBSD (Should be covered above) */
data/openocd-0.10.0+g20200819/src/helper/options.c:134:13: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
exepath = realpath(BINDIR, NULL);
data/openocd-0.10.0+g20200819/src/helper/options.c:197:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv("HOME");
data/openocd-0.10.0+g20200819/src/helper/options.c:207:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv("OPENOCD_SCRIPTS");
data/openocd-0.10.0+g20200819/src/helper/options.c:213:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *appdata = getenv("APPDATA");
data/openocd-0.10.0+g20200819/src/helper/options.c:248:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hvd::l:f:s:c:p", long_options, &option_index);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:82:12: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
success = CreateProcess(NULL,
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:82:12: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
success = CreateProcess(NULL,
data/openocd-0.10.0+g20200819/contrib/itmdump.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/openocd-0.10.0+g20200819/contrib/itmdump.c:68:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "run");
data/openocd-0.10.0+g20200819/contrib/itmdump.c:71:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "block");
data/openocd-0.10.0+g20200819/contrib/itmdump.c:74:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "create");
data/openocd-0.10.0+g20200819/contrib/itmdump.c:77:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "destroy");
data/openocd-0.10.0+g20200819/contrib/itmdump.c:81:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "code %d", code);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:114:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/openocd-0.10.0+g20200819/contrib/itmdump.c:379:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(optarg, "r");
data/openocd-0.10.0+g20200819/contrib/itmdump.c:386:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dump_swit = atoi(optarg);
data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/flashloader.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_retain_buf, (void *)(i * FLASH_ERASE_SIZE), FLASH_ERASE_SIZE);
data/openocd-0.10.0+g20200819/contrib/loaders/flash/cc26xx/flashloader.c:110:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&g_retain_buf[sec_offset], &src[src_offset], curr_count);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:79:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(name, O_WRONLY);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpiostr[4];
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpiostr[4];
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:147:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = open(buf, O_WRONLY | O_NONBLOCK | O_SYNC);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:149:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = open(buf, O_RDONLY | O_NONBLOCK | O_SYNC);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:325:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tck_gpio = atoi(argv[++i]);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:327:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tms_gpio = atoi(argv[++i]);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:329:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tdo_gpio = atoi(argv[++i]);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:331:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tdi_gpio = atoi(argv[++i]);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:333:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trst_gpio = atoi(argv[++i]);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:335:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srst_gpio = atoi(argv[++i]);
data/openocd-0.10.0+g20200819/src/flash/nand/core.c:621:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, page, thisrun_size);
data/openocd-0.10.0+g20200819/src/flash/nand/core.c:655:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page, data, thisrun_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:501:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page_buffer, data, thisrun_data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:508:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob_buffer, oob, thisrun_oob_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:746:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ecc_flash_buffer, oob, oob_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:755:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page_buffer, data, data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:934:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, page_buffer, data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:937:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob, oob_buffer, oob_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:1114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, page_buffer, data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc3180.c:1146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob, ecc_flash_buffer, oob_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c:676:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page_buffer, data, thisrun_data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c:683:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob_buffer, oob, thisrun_oob_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c:1096:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fdata, data, data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c:1135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(foob, oob, oob_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c:1434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, page_buffer, data_size);
data/openocd-0.10.0+g20200819/src/flash/nand/lpc32xx.c:1437:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob, oob_buffer, oob_size);
data/openocd-0.10.0+g20200819/src/flash/nor/ambiqmicro.c:135:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ambiqmicroClassname[6] = {
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam3.c:3156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pPrivate->pChip->details),
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam3.c:3461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer + page_offset,
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam3.c:3483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer + page_offset,
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam3.c:3525:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4.c:2572:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(pPrivate->pChip->details),
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4.c:2940:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer + page_offset,
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4.c:2962:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer + page_offset,
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4.c:3004:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam4l.c:551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pg + (page_offset % chip->page_size), buf, nb);
data/openocd-0.10.0+g20200819/src/flash/nor/at91sam7.c:111:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *EPROC[8] = {
data/openocd-0.10.0+g20200819/src/flash/nor/at91samd.c:866:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pb + pg_offset, buffer, nb);
data/openocd-0.10.0+g20200819/src/flash/nor/at91samd.c:1016:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int val = atoi(CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/flash/nor/at91samd.c:1153:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int val = atoi(CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/flash/nor/ath79.c:320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, out, to_xfer);
data/openocd-0.10.0+g20200819/src/flash/nor/ath79.c:594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ath79_info->spi.page_buf, buffer, len);
data/openocd-0.10.0+g20200819/src/flash/nor/atsame5.c:694:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pb + pg_offset, buffer, nb);
data/openocd-0.10.0+g20200819/src/flash/nor/atsamv.c:548:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer + page_offset, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/atsamv.c:567:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer + page_offset, buffer, n);
data/openocd-0.10.0+g20200819/src/flash/nor/atsamv.c:602:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pagebuffer, buffer, count); /* data goes at start of page */
data/openocd-0.10.0+g20200819/src/flash/nor/avrf.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[15];
data/openocd-0.10.0+g20200819/src/flash/nor/efm32.c:912:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, old_count);
data/openocd-0.10.0+g20200819/src/flash/nor/efm32.c:935:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/flash/nor/efm32.c:966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openocd-0.10.0+g20200819/src/flash/nor/em357.c:637:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + bytes_written, sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/flash/nor/em357.c:657:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/faux.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->memory + offset, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:536:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target + offset, as->steps[s], size + 2);
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:545:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target + offset, as->steps[s], 3);
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:553:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target + offset, as->steps[s], 2);
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:562:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target + offset, as->steps[s], 1);
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:578:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf + x*3, "%02x ", target[i]);
data/openocd-0.10.0+g20200819/src/flash/nor/fespi.c:604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(step + 2, data, step_count);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[40];
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base_name[69], name[80], num[4];
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:1747:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_aligned + align_begin, buffer, size);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:1851:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, old_count);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:1942:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fcf_in_data, buffer + FCF_ADDRESS - offset, FCF_SIZE);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2036:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flash_marking[12], nvm_marking[2];
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2037:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[40];
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2348:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "MKV10Z%s7");
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:2357:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "MKV11Z%s7");
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis_ke.c:1059:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, old_count);
data/openocd-0.10.0+g20200819/src/flash/nor/lpc2000.c:1185:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_buffer, buffer + bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/lpc288x.c:326:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page_buffer, &buffer[source_offset], count);
data/openocd-0.10.0+g20200819/src/flash/nor/lpc288x.c:329:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page_buffer, &buffer[source_offset], count);
data/openocd-0.10.0+g20200819/src/flash/nor/lpc2900.c:1190:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&page[offset % FLASH_PAGE_SIZE],
data/openocd-0.10.0+g20200819/src/flash/nor/lpc2900.c:1200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&page, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/lpc2900.c:1314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&page[offset % FLASH_PAGE_SIZE],
data/openocd-0.10.0+g20200819/src/flash/nor/mdr.c:336:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/mdr.c:415:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + j + i*4, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/flash/nor/msp432.c:944:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(name, "_1");
data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chip_brief[4096];
data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c:1402:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c:1438:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + i*16, 4*sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c:1588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_bootflash_addr_str[64];
data/openocd-0.10.0+g20200819/src/flash/nor/niietcm4.c:1666:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(niietcm4_info->chip_brief,
data/openocd-0.10.0+g20200819/src/flash/nor/non_cfi.c:525:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfi_info->erase_region_info,
data/openocd-0.10.0+g20200819/src/flash/nor/nrf5.c:582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bf, b, 4);
data/openocd-0.10.0+g20200819/src/flash/nor/nrf5.c:587:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bf, "xxxx");
data/openocd-0.10.0+g20200819/src/flash/nor/nrf5.c:612:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char variant[5];
data/openocd-0.10.0+g20200819/src/flash/nor/nrf5.c:799:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/openocd-0.10.0+g20200819/src/flash/nor/pic32mx.c:535:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buffer + row_offset, buffer, thisrun_count * 4);
data/openocd-0.10.0+g20200819/src/flash/nor/pic32mx.c:653:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + bytes_written, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/flash/nor/pic32mx.c:674:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/psoc4.c:682:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row_buffer + row_offset, buffer, chunk_size);
data/openocd-0.10.0+g20200819/src/flash/nor/psoc4.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char macros_txt[20] = "";
data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c:203:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "CY8Cabcdefg-LPxxx");
data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_number[PART_NUMBER_LEN];
data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c:918:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buffer, byte_count);
data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c:940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_number[PART_NUMBER_LEN];
data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c:1276:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 3 + SPC_OPCODE_LEN + 3, temp, 2);
data/openocd-0.10.0+g20200819/src/flash/nor/psoc5lp.c:1403:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_number[PART_NUMBER_LEN];
data/openocd-0.10.0+g20200819/src/flash/nor/psoc6.c:864:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&page_buf[row_offset], buffer, row_bytes);
data/openocd-0.10.0+g20200819/src/flash/nor/sim3x.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_package[4];
data/openocd-0.10.0+g20200819/src/flash/nor/sim3x.c:523:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, old_count);
data/openocd-0.10.0+g20200819/src/flash/nor/sim3x.c:644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char part_num_string[4];
data/openocd-0.10.0+g20200819/src/flash/nor/sim3x.c:667:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
part_number = atoi(part_num_string);
data/openocd-0.10.0+g20200819/src/flash/nor/stellaris.c:1209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_word, buffer+bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/stm32f1x.c:569:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buffer = memcpy(new_buffer, buffer, count);
data/openocd-0.10.0+g20200819/src/flash/nor/stm32f1x.c:598:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer, sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/flash/nor/stm32f2x.c:862:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + bytes_written, sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/flash/nor/stm32l4x.c:884:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_info[1024];
data/openocd-0.10.0+g20200819/src/flash/nor/stm32lx.c:643:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, buffer + bytes_written, bytes_to_write);
data/openocd-0.10.0+g20200819/src/flash/nor/stm32lx.c:694:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, buffer + bytes_written, bytes_to_write);
data/openocd-0.10.0+g20200819/src/flash/nor/str7x.c:659:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_dword, buffer+bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/str9x.c:557:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_halfword, buffer+bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/str9xpec.c:671:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_dword, buffer+bytes_written, bytes_remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/tcl.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c:181:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bank->sectors, TMS470R1A256_SECTORS, sizeof(TMS470R1A256_SECTORS));
data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c:195:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bank->sectors, TMS470R1A288_BANK0_SECTORS,
data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c:205:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bank->sectors, TMS470R1A288_BANK1_SECTORS,
data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c:225:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bank->sectors, TMS470R1A384_BANK0_SECTORS,
data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c:235:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bank->sectors, TMS470R1A384_BANK1_SECTORS,
data/openocd-0.10.0+g20200819/src/flash/nor/tms470.c:245:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bank->sectors, TMS470R1A384_BANK2_SECTORS,
data/openocd-0.10.0+g20200819/src/flash/nor/xcf.c:473:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(page_buf, w_buffer, len);
data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c:779:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_buf[start_pad], buffer, remaining);
data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c:924:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prot_str[512] = {0};
data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c:935:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char otp_str[14];
data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c:937:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(prot_str, "\nOTP Protection is enabled for sectors:\n");
data/openocd-0.10.0+g20200819/src/helper/binarybuffer.c:59:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_to, from, DIV_ROUND_UP(size, 8));
data/openocd-0.10.0+g20200819/src/helper/command.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstr[2] = { delim, 0 };
data/openocd-0.10.0+g20200819/src/helper/configuration.c:81:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(full_path, mode);
data/openocd-0.10.0+g20200819/src/helper/configuration.c:92:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(full_path, mode);
data/openocd-0.10.0+g20200819/src/helper/configuration.c:109:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(file, mode);
data/openocd-0.10.0+g20200819/src/helper/configuration.c:115:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(full_path, mode);
data/openocd-0.10.0+g20200819/src/helper/configuration.c:158:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char homepath[MAX_PATH];
data/openocd-0.10.0+g20200819/src/helper/fileio.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_access[4];
data/openocd-0.10.0+g20200819/src/helper/fileio.c:69:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(file_access, "w+");
data/openocd-0.10.0+g20200819/src/helper/fileio.c:75:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(file_access, "a+");
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:60:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pFile = fopen(fileName, "rb");
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:130:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
config_file = fopen(CMD_ARGV[0], "w");
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:166:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
config_file = fopen(CMD_ARGV[0], "a");
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:203:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(CMD_ARGV[1], "wb");
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[200];
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:416:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:417:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%02x-%02x-%02x-%02x-%02x-%02x",
data/openocd-0.10.0+g20200819/src/helper/log.c:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const log_strings[6] = {
data/openocd-0.10.0+g20200819/src/helper/log.c:241:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(CMD_ARGV[0], "w");
data/openocd-0.10.0+g20200819/src/helper/log.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_message[MAX_SOCKET_ERR_MSG_LENGTH];
data/openocd-0.10.0+g20200819/src/helper/options.c:175:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(relpath, "../");
data/openocd-0.10.0+g20200819/src/helper/replacements.c:130:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (char *) memcpy(new, s, len);
data/openocd-0.10.0+g20200819/src/helper/replacements.h:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sun_path[UNIX_PATH_LEN];
data/openocd-0.10.0+g20200819/src/helper/replacements.h:250:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[16]; /* Magic number and other info */
data/openocd-0.10.0+g20200819/src/jtag/adapter.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *modes[6];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_interface.c:124:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ERROR_OK != aice_port->api->open(¶m)) {
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:327:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:409:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:466:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:486:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:575:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(command + 13, buffer, size * count);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE + 1];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:630:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, line + 1, prepare_len);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:641:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE + 4];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:668:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(command + 4, buffer + written_len, write_len); /* data only */
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:691:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:710:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:711:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:751:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:752:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:771:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:793:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[AICE_PIPE_MAXLINE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_port.h:132:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct aice_port_param_s *param);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.c:51:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_expected_ids, pTap->expected_ids, expected_len);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected_id[12];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:528:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(usb_out_packets_buffer + usb_out_packets_buffer_length, out_buffer, out_length);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:1744:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(usb_out_buffer + 4, word, num_of_words * 4);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:2235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buffer[LINE_BUFFER_SIZE];
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:2242:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
script_fd = fopen(script, "r");
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:3155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &svalue, sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:3168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &value, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:3272:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer, sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:3287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:3840:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dim_instructions, instructions + i,
data/openocd-0.10.0+g20200819/src/jtag/core.c:994:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *reset_str[3] = {
data/openocd-0.10.0+g20200819/src/jtag/core.c:1212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[32];
data/openocd-0.10.0+g20200819/src/jtag/drivers/amt_jtagaccel.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/openocd-0.10.0+g20200819/src/jtag/drivers/amt_jtagaccel.c:440:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
device_handle = open(buffer, O_RDWR);
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16];
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auxinfo[257];
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:456:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sn, usb_in_buffer + 4, 15);
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:458:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auxinfo, usb_in_buffer + 4+15, 256);
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:783:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/openocd-0.10.0+g20200819/src/jtag/drivers/arm-jtag-ew.c:784:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/at91rm9200.c:232:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_mem_fd = open("/dev/mem", O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/bcm2835gpio.c:470:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_mem_fd = open("/dev/gpiomem", O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/bcm2835gpio.c:473:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_mem_fd = open("/dev/mem", O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:384:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(CMD_ARGV[0]) == 1)
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:386:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (atoi(CMD_ARGV[0]) == 0)
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:400:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(CMD_ARGV[0]) == 1)
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:402:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (atoi(CMD_ARGV[0]) == 0)
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:416:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(CMD_ARGV[0]) == 1) {
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:420:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
} else if (atoi(CMD_ARGV[0]) == 0) {
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:988:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *mode_answers[2] = { "OCD1", "RAW1" };
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1169:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buspirate_port, O_RDWR | O_NOCTTY | O_NDELAY);
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINE_SIZE];
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10];
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 1, &sequence[sequence_offset], to_send);
data/openocd-0.10.0+g20200819/src/jtag/drivers/cmsis_dap_usb.c:1257:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 3, queued_seq_buf, queued_seq_buf_end);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ep93xx.c:152:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_mem_fd = open("/dev/mem", O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ft232r.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ft232r_bit_name_array[FT232R_BIT_COUNT] = {
data/openocd-0.10.0+g20200819/src/jtag/drivers/ft232r.c:159:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft232r_output + total_read, reply + 2, n - 2);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ft232r.c:388:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(name);
data/openocd-0.10.0+g20200819/src/jtag/drivers/gw16012.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/openocd-0.10.0+g20200819/src/jtag/drivers/gw16012.c:428:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
device_handle = open(buffer, O_WRONLY);
data/openocd-0.10.0+g20200819/src/jtag/drivers/imx_gpio.c:492:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_mem_fd = open("/dev/mem", O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:765:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_config, &config, sizeof(struct device_config));
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:783:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(conn.hid, "0.0.0.0");
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1552:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_config.mac_address, addr, sizeof(addr));
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1582:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ip, lip, sizeof(lip));
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1649:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_config, &config, sizeof(struct device_config));
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1696:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_config, &config, sizeof(struct device_config));
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_usb_common.c:56:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ptr) != dev_bus)
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_usb_common.c:68:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (path_step < path_len && atoi(ptr) != port_path[path_step])
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:66:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd_buf[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:68:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_out[XFERT_MAX_SIZE];
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:69:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer_in[XFERT_MAX_SIZE];
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:72:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char length_buf[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:76:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nb_bits_buf[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vpi.buffer_out, bits, nb_bytes);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vpi.buffer_out, bits, nb_bytes);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_vpi.c:340:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits, vpi.buffer_in, nb_bytes);
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc_string[256+1]; /* Max size of string descriptor */
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:358:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char command[3] = {HID_TYPE_START | HID_TYPE_WRITE, 0x00, HID_COMMAND_VERSION};
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:359:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[64];
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:376:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char command[3] = {HID_TYPE_START | HID_TYPE_READ, 0x00, HID_COMMAND_POWER};
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:377:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[64];
data/openocd-0.10.0+g20200819/src/jtag/drivers/libusb_helper.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc_string[256+1]; /* Max size of string descriptor */
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:36:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_string[32 * 3 + 1]; \
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:39:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
buf_string_pos += sprintf(buf_string + buf_string_pos, " %02x", buf[i]); \
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc_string[256]; /* Max size of string descriptor */
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:125:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(ptr) != dev_bus) {
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:139:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& atoi(ptr) != port_path[path_step]) {
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vidstr[5];
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstr[5];
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:362:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
vid ? sprintf(vidstr, "%04x", *vid), vidstr : "*",
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:363:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pid ? sprintf(pidstr, "%04x", *pid), pidstr : "*",
data/openocd-0.10.0+g20200819/src/jtag/drivers/mpsse.c:806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->read_buffer + res->transferred,
data/openocd-0.10.0+g20200819/src/jtag/drivers/nulink_usb.c:124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, h->tempbuf + 2, V6M_MAX_COMMAND_LENGTH);
data/openocd-0.10.0+g20200819/src/jtag/drivers/nulink_usb.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, h->tempbuf + 3, V7M_MAX_COMMAND_LENGTH);
data/openocd-0.10.0+g20200819/src/jtag/drivers/nulink_usb.c:561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, h->databuf + 4 + offset, len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/nulink_usb.c:563:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 2 * i, h->databuf + 4 * (2 * i + 1), len - 2);
data/openocd-0.10.0+g20200819/src/jtag/drivers/nulink_usb.c:737:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, h->databuf + 4 * (2 * i + 1), 4);
data/openocd-0.10.0+g20200819/src/jtag/drivers/opendous.c:192:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int request_version = atoi(CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/opendous.c:819:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/openocd-0.10.0+g20200819/src/jtag/drivers/opendous.c:820:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:150:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "USB READ %d bytes", length);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:153:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "USB WRITE %d bytes", length);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:156:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "TO OpenOCD %d bytes", length);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:159:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "Buffer %d bytes", length);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:168:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "USB READ: %04x", i);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:171:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "USB WRITE: %04x", i);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:174:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "TO OpenOCD: %04x", i);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:177:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "BUFFER: %04x", i);
data/openocd-0.10.0+g20200819/src/jtag/drivers/openjtag.c:182:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, " %02x", buffer[j]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/parport.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/openocd-0.10.0+g20200819/src/jtag/drivers/parport.c:305:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
device_handle = open(buffer, O_WRONLY);
data/openocd-0.10.0+g20200819/src/jtag/drivers/parport.c:310:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
device_handle = open(buffer, O_WRONLY);
data/openocd-0.10.0+g20200819/src/jtag/drivers/presto.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[FT_DEVICE_SERNUM_LEN];
data/openocd-0.10.0+g20200819/src/jtag/drivers/remote_bitbang.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char remote_bitbang_buf[64];
data/openocd-0.10.0+g20200819/src/jtag/drivers/rlink.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/openocd-0.10.0+g20200819/src/jtag/drivers/rshim.c:405:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rshim_fd = open(path, O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:883:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)h->cmdbuf, "USBC");
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v_str[5 * (1 + 3) + 1]; /* VvJjMmBbSs */
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:1084:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "V%d", v);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:1086:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "J%d", jtag);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:1088:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "M%d", msd);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:1090:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "B%d", bridge);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:1092:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "S%d", swim);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:1484:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cap, h->databuf, 8);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, h->databuf, len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, h->databuf, len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, h->databuf, len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2732:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char desc_serial[(STLINK_SERIAL_LEN + 1) * 2];
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2784:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(alternate_serial + i, "%02X", desc_serial[i + 2]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:79:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(name, O_WRONLY);
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpiostr[5];
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpiostr[5];
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:157:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = open(buf, O_RDWR | O_NONBLOCK | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50];
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, h->write_buffer, len >= 50 ? 50-1 : len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[20];
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10];
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[20];
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[20];
data/openocd-0.10.0+g20200819/src/jtag/drivers/ulink.c:2115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_manufacturer[20];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast2_access_libusb.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[5];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast_access.h:47:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct ublast_lowlevel *low);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c:168:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + 2*i, "%02x", buf[i]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&info.buf[info.bufidx], bytes, nb_bytes);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c:680:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bits, tdos, DIV_ROUND_UP(nb_bits, 8));
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c:882:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = info.drv->open(info.drv);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:82:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tms_chain[64];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64]; /* fastest packet size for usb controller */
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64]; /* fastest packet size for usb controller */
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64]; /* fastest packet size for usb controller */
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:536:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:545:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:554:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[tms_chain_index + 2];
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtojtagraw.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(versaloon_cmd_buf + 4, tdi, bytelen);
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtojtagraw.c:74:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(versaloon_cmd_buf + 4 + bytelen, tms, bytelen);
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoswd.c:95:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(versaloon_cmd_buf + 2, data, bytelen);
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c:32:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *types_name[96] = {
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c:187:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp->buff,
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c:208:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(versaloon_pending[i].data_buffer,
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c:313:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(versaloon_buf + 3, versaloon_buf + oldlen, newlen - oldlen);
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c:361:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(usbtoxxx_buffer + usbtoxxx_current_cmd_index, cmdbuf, cmdlen);
data/openocd-0.10.0+g20200819/src/jtag/drivers/versaloon/usbtoxxx/usbtoxxx.c:522:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&usbtoxxx_buffer[usbtoxxx_current_cmd_index], buff, size);
data/openocd-0.10.0+g20200819/src/jtag/drivers/vsllink.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc_string[256];
data/openocd-0.10.0+g20200819/src/jtag/drivers/vsllink.c:880:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/openocd-0.10.0+g20200819/src/jtag/drivers/vsllink.c:881:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:218:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char read_payload[USB_PAYLOAD_SIZE];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:219:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char write_packet[3];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:220:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char write_payload[USB_PAYLOAD_SIZE];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[XDS110_SERIAL_LEN + 1];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:249:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char txn_requests[MAX_DATA_BLOCK];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:370:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[max_data + 1];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:516:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[MAX_PACKET];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&xds110.read_payload[count], (void *)&buffer[3], bytes_read);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:581:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&xds110.read_payload[count], (void *)buffer,
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:827:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)data_out_pntr, (void *)data_out, total_bytes);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:833:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)data_in, (void *)data_in_pntr, total_bytes);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:1045:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)request_pntr, (void *)dap_requests, request_size);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:1052:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)dap_results, (void *)result_pntr, result_count * 4);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:1070:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)request_pntr, (void *)scan_requests, request_size);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:1077:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)scan_results, (void *)result_pntr, result_size);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:1096:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)path_pntr, (void *)path, num_states);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xds110.c:2029:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t serial[XDS110_SERIAL_LEN + 1];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xlnx-pcie-xvc.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/openocd-0.10.0+g20200819/src/jtag/drivers/xlnx-pcie-xvc.c:392:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xlnx_pcie_xvc->fd = open(filename, O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_interface.c:56:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int result = hl_if.layout->open(&hl_if);
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_layout.c:44:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
res = adapter->layout->api->open(&adapter->param, &adapter->handle);
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_layout.h:39:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct hl_interface_param_s *param, void **handle);
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_layout.h:119:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct hl_interface_s *adapter);
data/openocd-0.10.0+g20200819/src/jtag/interface.c:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tms_str[33];
data/openocd-0.10.0+g20200819/src/jtag/interface.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdi_str[33];
data/openocd-0.10.0+g20200819/src/jtag/tcl.c:959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expected_id[12];
data/openocd-0.10.0+g20200819/src/jtag/zy1000/zy1000.c:1206:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/mem", O_RDWR | O_SYNC);
data/openocd-0.10.0+g20200819/src/pld/xilinx_bit.c:95:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_file = fopen(filename, "rb");
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[FREERTOS_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:365:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_str, "No Name");
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[FREERTOS_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:530:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_str, "No Name");
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[THREADX_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:382:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_str, "No Name");
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[THREADX_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:564:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_str, "No Name");
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch_identifier[4]; /**< @brief Always set to "main". */
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[CHIBIOS_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:422:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_str, "No Name");
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:509:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*symbol_list, chibios_symbol_list, sizeof(chibios_symbol_list));
data/openocd-0.10.0+g20200819/src/rtos/chromium-ec.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char build_info_buf[CROS_EC_MAX_BUILDINFO];
data/openocd-0.10.0+g20200819/src/rtos/chromium-ec.c:126:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(params, &chromium_ec_params_list[t], sizeof(*params));
data/openocd-0.10.0+g20200819/src/rtos/chromium-ec.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thread_str_buf[CROS_EC_MAX_NAME];
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[ECOS_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:234:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp_str, "No Name");
data/openocd-0.10.0+g20200819/src/rtos/hwthread.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[HW_THREAD_NAME_STR_SIZE];
data/openocd-0.10.0+g20200819/src/rtos/hwthread.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*rtos_reg_list)[i].value, (*reg_list)[i].value,
data/openocd-0.10.0+g20200819/src/rtos/hwthread.c:296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rtos_reg->value, reg->value, bytes);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[17];
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1151:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp_str_ptr += sprintf(tmp_str_ptr, "%d, ", (int)temp->pid);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1482:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, "PID\t\tCPU\t\tASID\t\tNAME\n");
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1483:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp += sprintf(tmp, "---\t\t---\t\t----\t\t----\n");
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1509:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(display, "linux_ps_command failed\n");
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:171:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(cmd + strlen(name));
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[GDB_BUFFER_SIZE / 2 + 1] = ""; /* Extra byte for null-termination */
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:331:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thread->thread_name_str, "None");
data/openocd-0.10.0+g20200819/src/rtos/riot.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply[GDB_BUFFER_SIZE + 1], cur_sym[GDB_BUFFER_SIZE / 2 + 1] = ""; /* Extra byte for null-termination */
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:239:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
reply_len = sprintf(reply, "OK");
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:342:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tmp_str_ptr += sprintf(tmp_str_ptr, ", ");
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:406:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[19];
data/openocd-0.10.0+g20200819/src/rtos/uCOS-III.c:286:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(params, &uCOS_III_params_list[i], sizeof(uCOS_III_params_list[i]));
data/openocd-0.10.0+g20200819/src/rtos/uCOS-III.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thread_str_buffer[UCOS_III_MAX_STRLEN + 1];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GDB_BUFFER_SIZE + 1]; /* Extra byte for null-termination */
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buffer[1024];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:413:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_buffer + 1, buffer, len++);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksum[3];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig_reply[65];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stop_reason[20];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_thread[25];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileio_command[256];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:1087:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[4];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:1097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig_reply[4];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:1144:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
tstr += sprintf(tstr, "%02x", buf[j]);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:1962:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t + 1, xml + offset, length);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2576:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gdb_reply[10];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2851:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig_reply[128];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:3227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig_reply[4];
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:3235:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gdb_packet_buffer[GDB_BUFFER_SIZE + 1]; /* Extra byte for null-termination */
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:3269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/openocd-0.10.0+g20200819/src/server/server.c:135:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
c->fd_out = open(out_file, O_WRONLY);
data/openocd-0.10.0+g20200819/src/server/server.c:275:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c->sin.sin_addr, hp->h_addr_list[0], hp->h_length);
data/openocd-0.10.0+g20200819/src/server/server.c:335:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
c->fd = open(c->port, O_RDONLY | O_NONBLOCK);
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:183:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[256];
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[TELNET_BUFFER_SIZE];
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:150:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
histfp = fopen(history, "rb");
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:186:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
histfp = fopen(history, "wb");
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:289:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_con->line, t_con->history[idx], t_con->line_size);
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:372:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[TELNET_BUFFER_SIZE];
data/openocd-0.10.0+g20200819/src/server/telnet_server.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[TELNET_LINE_MAX_SIZE];
data/openocd-0.10.0+g20200819/src/server/telnet_server.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *history[TELNET_LINE_HISTORY_SIZE];
data/openocd-0.10.0+g20200819/src/svf/svf.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *svf_command_name[14] = {
data/openocd-0.10.0+g20200819/src/svf/svf.c:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *svf_trst_mode_name[4] = {
data/openocd-0.10.0+g20200819/src/svf/svf.c:401:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
svf_fd = fopen(CMD_ARGV[i], "r");
data/openocd-0.10.0+g20200819/src/svf/svf.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argus[256], command;
data/openocd-0.10.0+g20200819/src/svf/svf.c:1040:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xxr_para_tmp->len = atoi(argus[1]);
data/openocd-0.10.0+g20200819/src/svf/svf.c:1349:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
run_count = atoi(argus[i]);
data/openocd-0.10.0+g20200819/src/target/adi_v5_jtag.c:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->outvalue_buf, outvalue, 4);
data/openocd-0.10.0+g20200819/src/target/adi_v5_jtag.c:449:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(el->invalue, &invalue, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/target/adi_v5_jtag.c:483:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(el->invalue, &invalue, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/target/adi_v5_jtag.c:567:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(el->invalue, &invalue, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/target/arc.c:1476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ap_amv_reg_name[24], ap_amm_reg_name[24], ap_ac_reg_name[24];
data/openocd-0.10.0+g20200819/src/target/arc.c:1487:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ap_ac_reg_name[24];
data/openocd-0.10.0+g20200819/src/target/arc.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[REG_TYPE_MAX_NAME_LENGTH];
data/openocd-0.10.0+g20200819/src/target/arc.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_type_id[REG_TYPE_MAX_NAME_LENGTH];
data/openocd-0.10.0+g20200819/src/target/arc_mem.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_te + ((addr + i * sizeof(uint16_t)) & 3u),
data/openocd-0.10.0+g20200819/src/target/arc_mem.c:143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_te + ((addr + i) & 3), (uint8_t *)buf + i, 1);
data/openocd-0.10.0+g20200819/src/target/arc_mem.c:294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, tunnel_te + (address & 3u),
data/openocd-0.10.0+g20200819/src/target/arc_mem.c:301:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, tunnel_te + (address & 3u), count);
data/openocd-0.10.0+g20200819/src/target/arm11.c:867:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + i * sizeof(uint16_t), &svalue, sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/target/arm11.c:971:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, buffer + i * sizeof(uint16_t), sizeof(uint16_t));
data/openocd-0.10.0+g20200819/src/target/arm920t.c:889:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(CMD_ARGV[0], "w");
data/openocd-0.10.0+g20200819/src/target/arm920t.c:1171:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(CMD_ARGV[0], "w");
data/openocd-0.10.0+g20200819/src/target/arm_adi_v5.c:833:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *class_description[16] = {
data/openocd-0.10.0+g20200819/src/target/arm_adi_v5.c:1171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tabs[16] = "";
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:428:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressing_mode[32];
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[32];
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:721:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "UNDEFINED");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:827:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "UNDEFINED");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:838:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1020:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "UNDEFINED");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[32];
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_list[69];
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:1713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shifter_operand[32];
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg_names[40];
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:2656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptr_name[7] = "";
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3155:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, "UNDEFINED");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3160:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "DBG\t#%d", (int) opcode & 0xf);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3225:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, "UNDEFINED");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3253:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "BXJ\tr%d", (int) (opcode >> 16) & 0x0f);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3436:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "MOVW\tr%d, #%d\t; %#3.3x", rd, immed, immed);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3446:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "MOVT\tr%d, #%d\t; %#4.4x", rd, immed, immed);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3479:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "BFC\tr%d, #%d, #%d\t",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3483:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "BFI\tr%d, r%d, #%d, #%d\t",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3609:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "MUL\tr%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3614:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "MLA\tr%d, r%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3620:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "MLS\tr%d, r%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3655:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "%cDIV\tr%d, r%d, r%d",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3702:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "POP.W\t");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3708:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "PUSH.W\t");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3792:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "TBB\t[r%u, r%u]", rn, imm & 0xf);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:3795:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "TBH\t[r%u, r%u, LSL #1]", rn, imm & 0xf);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4015:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, ", RRX");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDR.W\tr%d, [r%d, #%d]\t; %#3.3x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4164:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDR.W\tr%d, [r%d, r%d, LSL #%d]",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4176:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDRT\tr%d, [r%d, #%d]\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4251:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDRBT\tr%d, [r%d, #%d]\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4294:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "PLD\t");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4296:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDRB.W\tr%d, ", rt);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4299:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "[r%d, r%d, LSL #%d]", rn, rm, immed);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4341:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDRSBT\tr%d, [r%d, #%d]\t; %#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4349:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "PLI\t[r%d, #%d]\t; -%#2.2x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4364:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "PLI\t");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4366:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "LDRSB.W\tr%d, ", rt);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4369:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "[r%d, r%d, LSL #%d]", rn, rm, immed);
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4376:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "PLI\t[r%d, #%d]\t; %#3.3x",
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4400:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "HINT (UNALLOCATED)");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4579:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, "UNDEFINED OPCODE");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.c:4586:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cp, "(32-bit Thumb2 ...)");
data/openocd-0.10.0+g20200819/src/target/arm_disassembler.h:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[128];
data/openocd-0.10.0+g20200819/src/target/armv4_5.c:886:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[80];
data/openocd-0.10.0+g20200819/src/target/armv7a_mmu.c:132:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bits_string[64];
data/openocd-0.10.0+g20200819/src/target/armv7m.c:174:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char enamebuf[32];
data/openocd-0.10.0+g20200819/src/target/armv7m.c:180:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(enamebuf, "External Interrupt(%i)", number - 16);
data/openocd-0.10.0+g20200819/src/target/armv7m_trace.c:194:39: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
armv7m->trace_config.trace_file = fopen(CMD_ARGV[cmd_idx], "ab");
data/openocd-0.10.0+g20200819/src/target/cortex_m.c:2459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/openocd-0.10.0+g20200819/src/target/etm.c:1117:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cycles_text[32] = "";
data/openocd-0.10.0+g20200819/src/target/image.c:880:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (uint8_t *)image->sections[section].private + offset, size);
data/openocd-0.10.0+g20200819/src/target/image.c:916:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + *size_read,
data/openocd-0.10.0+g20200819/src/target/image.c:925:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (uint8_t *)image->sections[section].private + offset, size);
data/openocd-0.10.0+g20200819/src/target/image.c:930:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (uint8_t *)image->sections[section].private + offset, size);
data/openocd-0.10.0+g20200819/src/target/image.c:956:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)section->private + section->size, data, size);
data/openocd-0.10.0+g20200819/src/target/image.c:971:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)section->private, data, size);
data/openocd-0.10.0+g20200819/src/target/nds32.c:36:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *nds32_debug_type_name[11] = {
data/openocd-0.10.0+g20200819/src/target/nds32.c:1469:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(breakpoint->orig_instr, &data, breakpoint->length);
data/openocd-0.10.0+g20200819/src/target/nds32.c:1992:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_sequence[129];
data/openocd-0.10.0+g20200819/src/target/nds32.c:1993:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_str[33];
data/openocd-0.10.0+g20200819/src/target/nds32.c:1994:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code_str[9];
data/openocd-0.10.0+g20200819/src/target/nds32.c:2015:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command_str, "write_misc gen_port0 0x%" PRIx32 ";", code);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2350:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "exit");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2357:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "open");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2369:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "close");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2374:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "read");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2381:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "write");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2388:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "lseek");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2397:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "unlink");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2409:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "rename");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2424:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "fstat");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2432:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "stat");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2443:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "gettimeofday");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2449:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "isatty");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2456:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "system");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2466:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "errno");
data/openocd-0.10.0+g20200819/src/target/nds32.c:2471:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fileio_info->identifier, "unknown");
data/openocd-0.10.0+g20200819/src/target/nds32.h:48:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *nds32_debug_type_name[11];
data/openocd-0.10.0+g20200819/src/target/nds32_aice.h:44:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return aice->port->api->open(param);
data/openocd-0.10.0+g20200819/src/target/nds32_cmd.c:819:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_str[12];
data/openocd-0.10.0+g20200819/src/target/nds32_cmd.c:824:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(data_str, "0x%08" PRIx32 " ", data[i]);
data/openocd-0.10.0+g20200819/src/target/nds32_cmd.c:868:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_str[11];
data/openocd-0.10.0+g20200819/src/target/nds32_disassembler.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[128];
data/openocd-0.10.0+g20200819/src/target/oocd_trace.c:106:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
oocd_trace->tty_fd = open(oocd_trace->tty, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_buffer[10];
data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c:64:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in_buffer[10];
data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c:115:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[TELNET_BUFFER_SIZE];
data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c:138:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in_buffer[10];
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&or1k_core_reg_list_arch_info[or1k->nb_regs], new_reg,
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:282:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "dtlbw%dmr%d", way, i);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:289:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "dtlbw%dtr%d", way, i);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:297:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "itlbw%dmr%d", way, i);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:305:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "itlbw%dtr%d", way, i);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k.c:950:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(breakpoint->orig_instr, &data, breakpoint->length);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_du_adv.c:533:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, in_buffer, total_size_bytes);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_du_adv.c:534:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&crc_read, &in_buffer[total_size_bytes], 4);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_du_adv.c:1050:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_data[1], out_buffer, xmitsize);
data/openocd-0.10.0+g20200819/src/target/openrisc/or1k_du_adv.c:1070:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in_buffer, &in_data[1], *in_len);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_text[500];
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_text[500];
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:691:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *errors[8] = {
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1830:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[80];
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:1439:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:1456:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int timeout = atoi(CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:1497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[position+2];
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2357:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2394:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "x%d", regno - GDB_REGNO_ZERO);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2396:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "csr%d", regno - GDB_REGNO_CSR0);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2398:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "f%d", regno - GDB_REGNO_FPR0);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2400:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "gdb_regno_%d", regno);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2443:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->value, buf, (r->size + 7) / 8);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2656:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reg_name, "pc");
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2784:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reg_name, "csr%d", csr_number);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2902:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reg_name, "priv");
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2921:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reg_name, "custom%d", custom_number);
data/openocd-0.10.0+g20200819/src/target/semihosting_common.c:746:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
semihosting->result = open((char *)fn,
data/openocd-0.10.0+g20200819/src/target/semihosting_common.c:746:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
semihosting->result = open((char *)fn,
data/openocd-0.10.0+g20200819/src/target/smp.c:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex_buffer[len * 2 + 1];
data/openocd-0.10.0+g20200819/src/target/target.c:653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/openocd-0.10.0+g20200819/src/target/target.c:3186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[line_bytecnt * 4 + 1];
data/openocd-0.10.0+g20200819/src/target/target.c:3999:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char UNIT[2]; /* unit of profiling */
data/openocd-0.10.0+g20200819/src/target/target.c:4006:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "w");
data/openocd-0.10.0+g20200819/src/target/target.c:4302:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/openocd-0.10.0+g20200819/src/target/target.c:4304:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "mem2array address: 0x%08" PRIx32 " is not aligned for %" PRId32 " byte reads",
data/openocd-0.10.0+g20200819/src/target/target.c:4508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/openocd-0.10.0+g20200819/src/target/target.c:4510:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "array2mem address: 0x%08" PRIx32 " is not aligned for %" PRId32 " byte reads",
data/openocd-0.10.0+g20200819/src/target/target.c:5515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target->type, target_types[x], sizeof(struct target_type));
data/openocd-0.10.0+g20200819/src/target/target.c:5919:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fastload[i].data, buffer + offset, length);
data/openocd-0.10.0+g20200819/src/target/target.c:6116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_ref + size + host_offset, test_pattern + offset, count * size);
data/openocd-0.10.0+g20200819/src/target/target.c:6178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_ref, test_pattern, num_bytes);
data/openocd-0.10.0+g20200819/src/target/target.c:6179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_ref + size + offset, write_buf + host_offset, count * size);
data/openocd-0.10.0+g20200819/src/target/target_request.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/openocd-0.10.0+g20200819/src/target/x86_32_common.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuffer, buffer, size*count);
data/openocd-0.10.0+g20200819/src/target/x86_32_common.c:1350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[line_bytecnt * 4 + 1];
data/openocd-0.10.0+g20200819/src/target/xscale.c:690:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&value, packet, sizeof(uint32_t));
data/openocd-0.10.0+g20200819/src/target/xscale.c:3228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[15];
data/openocd-0.10.0+g20200819/src/target/xscale.c:3395:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fill_string[12];
data/openocd-0.10.0+g20200819/src/target/xscale.c:3396:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fill_string, "fill %d", xscale->trace.buffer_fill);
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:257:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xsvf_fd = open(filename, O_RDONLY);
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:731:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[128];
data/openocd-0.10.0+g20200819/contrib/itmdump.c:100:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:333:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:340:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:347:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:354:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:400:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(f)) != EOF) {
data/openocd-0.10.0+g20200819/contrib/itmdump.c:407:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/itmdump.c:413:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(f);
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:83:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(fd, valstr, strlen(valstr));
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:180:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(tdo_fd, &buf, sizeof(buf));
data/openocd-0.10.0+g20200819/contrib/remote_bitbang/remote_bitbang_sysfsgpio.c:298:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar();
data/openocd-0.10.0+g20200819/src/flash/common.c:40:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned blen = strlen(name);
data/openocd-0.10.0+g20200819/src/flash/nand/mx3.c:624:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(25);
data/openocd-0.10.0+g20200819/src/flash/nor/at91samd.c:901:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200);
data/openocd-0.10.0+g20200819/src/flash/nor/at91samd.c:1063:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(CMD_ARGV[num]) >= 3 &&
data/openocd-0.10.0+g20200819/src/flash/nor/core.c:120:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = bank->driver->read(bank, buffer, offset, count);
data/openocd-0.10.0+g20200819/src/flash/nor/driver.h:155:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct flash_bank *bank,
data/openocd-0.10.0+g20200819/src/flash/nor/fm3.c:188:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:947:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base_name, bank->name, sizeof(base_name) - 1);
data/openocd-0.10.0+g20200819/src/flash/nor/kinetis.c:960:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(base_name, target_name(k_chip->target), sizeof(base_name) - 1);
data/openocd-0.10.0+g20200819/src/flash/nor/mrvlqspi.c:313:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/openocd-0.10.0+g20200819/src/flash/nor/msp432.c:942:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *name = malloc(strlen(bank->name) + 3);
data/openocd-0.10.0+g20200819/src/flash/nor/psoc6.c:974:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/openocd-0.10.0+g20200819/src/flash/nor/stellaris.c:1401:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/flash/nor/virtual.c:214:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval = master_bank->driver->read(master_bank, buffer, offset, count);
data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c:941:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(prot_str, otp_str, sizeof(prot_str) - strlen(prot_str) - 1);
data/openocd-0.10.0+g20200819/src/flash/nor/xmc4xxx.c:941:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(prot_str, otp_str, sizeof(prot_str) - strlen(prot_str) - 1);
data/openocd-0.10.0+g20200819/src/helper/command.c:63:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_AppendString(state->interp, state->output, string, strlen(string));
data/openocd-0.10.0+g20200819/src/helper/command.c:512:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(string, "\n"); /* alloc_vprintf guaranteed the buffer to be at least one
data/openocd-0.10.0+g20200819/src/helper/command.c:531:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned len = strlen(c->name);
data/openocd-0.10.0+g20200819/src/helper/command.c:752:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_Obj *result = Jim_NewStringObj(interp, full_path, strlen(full_path));
data/openocd-0.10.0+g20200819/src/helper/command.c:873:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c->usage && strlen(c->usage) > 0) {
data/openocd-0.10.0+g20200819/src/helper/command.c:1205:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/helper/command.c:1352:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_NewStringObj(interp, HostOs, strlen(HostOs)));
data/openocd-0.10.0+g20200819/src/helper/fileio.c:63:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(file_access, "r");
data/openocd-0.10.0+g20200819/src/helper/fileio.c:66:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(file_access, "w");
data/openocd-0.10.0+g20200819/src/helper/fileio.c:72:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(file_access, "a");
data/openocd-0.10.0+g20200819/src/helper/fileio.c:86:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(file_access, "b");
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:172:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fwrite(CMD_ARGV[i], 1, strlen(CMD_ARGV[i]),
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:173:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config_file) != strlen(CMD_ARGV[i]))
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:285:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_NewStringObj(interp, entry->d_name, strlen(entry->d_name)));
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:362:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_AppendString(interp, tclOutput, ip, strlen(ip));
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:406:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifreq.ifr_name, ifr->ifr_name, sizeof(ifreq.ifr_name) - 1);
data/openocd-0.10.0+g20200819/src/helper/ioutil.c:425:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_AppendString(interp, tclOutput, buffer, strlen(buffer));
data/openocd-0.10.0+g20200819/src/helper/log.c:113:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(string) > 0) {
data/openocd-0.10.0+g20200819/src/helper/log.c:192:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp, "\n");
data/openocd-0.10.0+g20200819/src/helper/log.c:481:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(sleep_a_bit * 1000);
data/openocd-0.10.0+g20200819/src/helper/options.c:172:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *relpath = malloc(i * 3 + strlen(to) + 1);
data/openocd-0.10.0+g20200819/src/helper/replacements.h:125:24: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
static inline unsigned usleep(unsigned int usecs)
data/openocd-0.10.0+g20200819/src/helper/replacements.h:131:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#error no usleep defined for your platform
data/openocd-0.10.0+g20200819/src/helper/replacements.h:191:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(handle, buffer, count);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_pipe.c:182:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(aice_pipe_input[0], buffer, count);
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.c:101:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(pTap->chip) + 1 + strlen(pTap->tapname) + 1;
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_transport.c:101:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(pTap->chip) + 1 + strlen(pTap->tapname) + 1;
data/openocd-0.10.0+g20200819/src/jtag/aice/aice_usb.c:2139:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/jtag/core.c:1035:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(jtag_flush_queue_sleep * 1000);
data/openocd-0.10.0+g20200819/src/jtag/core.c:1072:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(us);
data/openocd-0.10.0+g20200819/src/jtag/drivers/amt_jtagaccel.c:83:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__retval = read(device_handle, &val, 1); \
data/openocd-0.10.0+g20200819/src/jtag/drivers/amt_jtagaccel.c:104:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__retval = read(device_handle, &val, 1); \
data/openocd-0.10.0+g20200819/src/jtag/drivers/at91rm9200.c:172:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
at91rm9200_device = malloc(strlen(CMD_ARGV[0]) + sizeof(char));
data/openocd-0.10.0+g20200819/src/jtag/drivers/bitbang.c:246:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
switch (bitbang_interface->read()) {
data/openocd-0.10.0+g20200819/src/jtag/drivers/bitbang.h:42:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bb_value_t (*read)(void);
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:248:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const ssize_t read_count = read(fd, buffer, sizeof(buffer));
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1004:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1051:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/buspirate.c:1243:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, buf+len, size-len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:552:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1531:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(str) != 17) || (str[2] != ':' || str[5] != ':' ||
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1620:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(CMD_ARGV[0]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jlink.c:1735:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen(CMD_ARGV[1]);
data/openocd-0.10.0+g20200819/src/jtag/drivers/jtag_usb_common.c:81:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:272:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(kitprog_handle->serial, desc_string, retval + 1);
data/openocd-0.10.0+g20200819/src/jtag/drivers/kitprog.c:293:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(kitprog_handle->serial);
data/openocd-0.10.0+g20200819/src/jtag/drivers/parport.c:428:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parport_cable = malloc(strlen(CMD_ARGV[0]) + sizeof(char));
data/openocd-0.10.0+g20200819/src/jtag/drivers/remote_bitbang.c:66:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t count = read(remote_bitbang_fd,
data/openocd-0.10.0+g20200819/src/jtag/drivers/remote_bitbang.c:150:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t count = read(remote_bitbang_fd, &c, 1);
data/openocd-0.10.0+g20200819/src/jtag/drivers/remote_bitbang.c:264:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, remote_bitbang_host, sizeof(addr.sun_path));
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:840:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay_us);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2353:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep((1<<retries++) * 1000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2374:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep((1<<retries++) * 1000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2433:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep((1<<retries++) * 1000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2454:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep((1<<retries++) * 1000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/stlink_usb.c:2902:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1 * 1000 * 1000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:83:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(fd, valstr, strlen(valstr));
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:224:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(swdio_fd, &buf, sizeof(buf));
data/openocd-0.10.0+g20200819/src/jtag/drivers/sysfsgpio.c:275:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(tdo_fd, &buf, sizeof(buf));
data/openocd-0.10.0+g20200819/src/jtag/drivers/ti_icdi_usb.c:246:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(data), h->max_packet - cmd_len);
data/openocd-0.10.0+g20200819/src/jtag/drivers/ulink.c:374:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(delay);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast2_access_libusb.c:221:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/ublast_access.h:45:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct ublast_lowlevel *low, uint8_t *buf, unsigned size,
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c:174:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = info.drv->read(info.drv, buf, size, bytes_read);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usb_blaster/usb_blaster.c:982:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pin_value) > 1)
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:434:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/openocd-0.10.0+g20200819/src/jtag/drivers/usbprog.c:477:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/openocd-0.10.0+g20200819/src/jtag/drivers/xlnx-pcie-xvc.c:308:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(cmd->cmd.sleep->us);
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_tcl.c:105:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(pTap->chip) + 1 + strlen(pTap->tapname) + 1;
data/openocd-0.10.0+g20200819/src/jtag/hla/hla_tcl.c:105:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(pTap->chip) + 1 + strlen(pTap->tapname) + 1;
data/openocd-0.10.0+g20200819/src/jtag/tcl.c:210:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Jim_ListAppendElement(interp, list, Jim_NewStringObj(interp, str, strlen(str)));
data/openocd-0.10.0+g20200819/src/jtag/tcl.c:561:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(pTap->chip) + 1 + strlen(pTap->tapname) + 1;
data/openocd-0.10.0+g20200819/src/jtag/tcl.c:561:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(pTap->chip) + 1 + strlen(pTap->tapname) + 1;
data/openocd-0.10.0+g20200819/src/jtag/zy1000/zy1000.c:849:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t = read(tcp_ip, in_buffer, sizeof(in_buffer));
data/openocd-0.10.0+g20200819/src/jtag/zy1000/zy1000.c:1169:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(watchdog_ip, &buf, 1) == 1) {
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:368:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
malloc(strlen(tmp_str)+1);
data/openocd-0.10.0+g20200819/src/rtos/FreeRTOS.c:532:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*info = malloc(strlen(tmp_str)+1);
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:385:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
malloc(strlen(tmp_str)+1);
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:410:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rtos->thread_details[tasks_found].extra_info_str = malloc(strlen(
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:566:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
detail->thread_name_str = malloc(strlen(tmp_str)+1);
data/openocd-0.10.0+g20200819/src/rtos/ThreadX.c:591:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
detail->extra_info_str = malloc(strlen(state_desc)+1);
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:425:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmp_str) + 1);
data/openocd-0.10.0+g20200819/src/rtos/chibios.c:445:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr_thrd_details->extra_info_str = malloc(strlen(
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:237:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
malloc(strlen(tmp_str)+1);
data/openocd-0.10.0+g20200819/src/rtos/eCos.c:263:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rtos->thread_details[tasks_found].extra_info_str = malloc(strlen(
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1062:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
tmp_str += sprintf(tmp_str, "m");
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1069:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
tmp_str += sprintf(tmp_str, ",");
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1072:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, out_str, strlen(out_str));
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1099:15: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
tmp_strr += sprintf(tmp_strr, "m");
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1107:16: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
tmp_strr += sprintf(tmp_strr, ",");
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1114:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, out_strr, strlen(out_strr));
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1140:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_size = strlen(pid) + strlen(name);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1140:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int str_size = strlen(pid) + strlen(name);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1154:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *hex_str = calloc(1, strlen(tmp_str) * 2 + 1);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1156:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmp_str), strlen(tmp_str) * 2 + 1);
data/openocd-0.10.0+g20200819/src/rtos/linux.c:1156:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmp_str), strlen(tmp_str) * 2 + 1);
data/openocd-0.10.0+g20200819/src/rtos/mqx.c:427:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rtos->thread_details[i].thread_name_str = malloc(strlen((void *)task_name) + 1);
data/openocd-0.10.0+g20200819/src/rtos/mqx.c:438:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_info_length += strlen((void *)state_name) + 7 + 13 + 8 + 15 + 8;
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:165:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(cmd, name, strlen(name)))
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:168:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmd) <= strlen(name) + 1)
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:168:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmd) <= strlen(name) + 1)
data/openocd-0.10.0+g20200819/src/rtos/nuttx.c:171:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return atoi(cmd + strlen(name));
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:245:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = unhexify((uint8_t *)cur_sym, strchr(packet + 8, ':') + 1, strlen(strchr(packet + 8, ':') + 1));
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:287:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (8 + (strlen(next_sym->symbol_name) * 2) + 1 > sizeof(reply)) {
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:294:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const uint8_t *)next_sym->symbol_name, strlen(next_sym->symbol_name),
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:331:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_size += strlen(detail->thread_name_str);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:333:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_size += strlen(detail->extra_info_str);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:346:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(tmp_str) ==
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:349:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *hex_str = malloc(strlen(tmp_str) * 2 + 1);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:351:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmp_str), strlen(tmp_str) * 2 + 1);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:351:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmp_str), strlen(tmp_str) * 2 + 1);
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:383:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, out_str, strlen(out_str));
data/openocd-0.10.0+g20200819/src/rtos/rtos.c:467:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, hex, strlen(hex));
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:217:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gdb_con->buf_cnt = read(connection->fd, gdb_con->buffer, GDB_BUFFER_SIZE);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:239:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:254:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:705:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bin_size = strlen(line);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:870:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
command_len = strlen(fileio_command);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:1368:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t chars = strlen(separator + 1);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2371:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tdesc_length = strlen(tdesc);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2389:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*chunk) + 1, tdesc + offset, length);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2392:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*chunk) + 1, tdesc + offset, tdesc_length - offset);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2513:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t thread_list_length = strlen(*thread_list);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2533:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*chunk) + 1, (*thread_list) + offset, length);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2644:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, buffer, strlen(buffer));
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2678:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, xml, strlen(xml));
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2709:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdb_put_packet(connection, xml, strlen(xml));
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:2911:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexlen = strlen(hex);
data/openocd-0.10.0+g20200819/src/server/gdb_server.c:3712:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tdesc_length = strlen(tdesc);
data/openocd-0.10.0+g20200819/src/server/server.c:749:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(connection->fd, data, len);
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:61:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tcl_output(connection, buf, strlen(buf));
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:68:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tcl_output(connection, buf, strlen(buf));
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:86:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tcl_output(connection, buf, strlen(buf));
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:100:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t max_len = hex_len + strlen(header) + strlen(trailer);
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:100:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t max_len = hex_len + strlen(header) + strlen(trailer);
data/openocd-0.10.0+g20200819/src/server/tcl_server.c:110:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tcl_output(connection, buf, strlen(buf));
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:65:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return telnet_write(connection, t_con->prompt, strlen(t_con->prompt));
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:79:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:114:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen(t_con->prompt) + t_con->line_size;
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:240:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_write(connection, negotiate, strlen(negotiate));
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:244:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_write(connection, telnet_service->banner, strlen(telnet_service->banner));
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:287:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_con->line_size = strlen(t_con->history[idx]);
data/openocd-0.10.0+g20200819/src/server/telnet_server.c:331:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_write(connection, line, strlen(line));
data/openocd-0.10.0+g20200819/src/svf/svf.c:606:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(*lineptr)[0] = fgetc(stream);
data/openocd-0.10.0+g20200819/src/svf/svf.c:608:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(*lineptr)[++i] = fgetc(stream);
data/openocd-0.10.0+g20200819/src/svf/svf.c:803:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, str_len = strlen(str), str_hbyte_len = (bit_len + 3) >> 2;
data/openocd-0.10.0+g20200819/src/svf/svf.c:939:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ERROR_OK != svf_parse_cmd_string(cmd_str, strlen(cmd_str), argus, &num_of_argu))
data/openocd-0.10.0+g20200819/src/svf/svf.c:1057:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(argus[i + 1]) < 3) || (argus[i + 1][0] != '(') ||
data/openocd-0.10.0+g20200819/src/svf/svf.c:1058:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(argus[i + 1][strlen(argus[i + 1]) - 1] != ')')) {
data/openocd-0.10.0+g20200819/src/svf/svf.c:1062:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argus[i + 1][strlen(argus[i + 1]) - 1] = '\0';
data/openocd-0.10.0+g20200819/src/target/arc_cmd.c:206:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((void *)type->data_type.id, name, name_len);
data/openocd-0.10.0+g20200819/src/target/arc_cmd.c:233:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bitfields[cur_field].name, field_name, field_name_len);
data/openocd-0.10.0+g20200819/src/target/arc_cmd.c:572:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((void *)type->data_type.id, name, name_len);
data/openocd-0.10.0+g20200819/src/target/arc_cmd.c:597:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bitfields[cur_field].name, field_name, field_name_len);
data/openocd-0.10.0+g20200819/src/target/arc_cmd.c:678:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int type_name_len = strlen(type_name);
data/openocd-0.10.0+g20200819/src/target/esirisc.c:302:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reg_info->read(reg);
data/openocd-0.10.0+g20200819/src/target/esirisc.c:1405:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return reg_info->read(reg);
data/openocd-0.10.0+g20200819/src/target/esirisc.h:116:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct reg *reg);
data/openocd-0.10.0+g20200819/src/target/image.c:158:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((lpszLine[0] == '#') || (strlen(lpszLine + strspn(lpszLine, "\n\t\r ")) == 0))
data/openocd-0.10.0+g20200819/src/target/image.c:563:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((lpszLine[0] == '#') || (strlen(lpszLine + strspn(lpszLine, "\n\t\r ")) == 0))
data/openocd-0.10.0+g20200819/src/target/nds32.c:2003:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passcode_length = strlen(nds32->edm_passcode);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2011:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(code_str, nds32->edm_passcode + i, copy_length);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2364:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileio_info->param_2 = strlen((char *)filename);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2402:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileio_info->param_2 = strlen((char *)filename);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2416:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileio_info->param_2 = strlen((char *)filename);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2419:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileio_info->param_4 = strlen((char *)filename);
data/openocd-0.10.0+g20200819/src/target/nds32.c:2438:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileio_info->param_2 = strlen((char *)filename) + 1;
data/openocd-0.10.0+g20200819/src/target/nds32.c:2461:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileio_info->param_2 = strlen((char *)command);
data/openocd-0.10.0+g20200819/src/target/oocd_trace.c:44:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(oocd_trace->tty_fd, ((uint8_t *)value) + 4 - bytes_to_read, bytes_to_read);
data/openocd-0.10.0+g20200819/src/target/oocd_trace.c:89:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(oocd_trace->tty_fd,
data/openocd-0.10.0+g20200819/src/target/oocd_trace.c:139:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(oocd_trace->tty_fd, trash, sizeof(trash));
data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c:94:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_write(connection, negotiate, strlen(negotiate));
data/openocd-0.10.0+g20200819/src/target/openrisc/jsp_server.c:98:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_write(connection, jsp_service->banner, strlen(jsp_service->banner));
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-011.c:166:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read, write, execute;
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:136:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read, write, execute;
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:353:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text += strlen(text);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1825:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned size_bytes, bool read)
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:1832:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
address, read ? "read" : "write", size_bytes * 2);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv-013.c:3444:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:178:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read, write, execute;
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:345:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tdata1 = set_field(tdata1, bpcontrol_r, trigger->read);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:405:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (trigger->read)
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:924:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
enum target_register_class reg_class, bool read)
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:928:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r->rtos_hartid, r->current_hartid, reg_class, read);
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:958:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && !target->reg_cache->reg_list[i].valid) {
data/openocd-0.10.0+g20200819/src/target/riscv/riscv.c:2932:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reg_name += strlen(reg_name) + 1;
data/openocd-0.10.0+g20200819/src/target/semihosting_common.c:509:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint32_t len = strlen(arg) + 1;
data/openocd-0.10.0+g20200819/src/target/semihosting_common.c:813:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
semihosting->result = read(fd, buf, len);
data/openocd-0.10.0+g20200819/src/target/semihosting_common.c:854:26: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
semihosting->result = getchar();
data/openocd-0.10.0+g20200819/src/target/stm8.c:733:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/openocd-0.10.0+g20200819/src/target/target.c:2979:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_to_buf(CMD_ARGV[1], strlen(CMD_ARGV[1]), buf, reg->size, 0);
data/openocd-0.10.0+g20200819/src/target/target.c:3996:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeData(f, s, strlen(s));
data/openocd-0.10.0+g20200819/src/target/target.c:4074:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (15-strlen("seconds")); i++)
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:192:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buf + num_bytes - 1, 1) < 0)
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:277:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(xsvf_fd, &opcode, 1) > 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:299:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &uc, 1) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:379:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, xruntest_buf, 4) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:393:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &myrepeat, 1) < 0)
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:406:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, xsdrsize_buf, 4) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:581:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &uc, 1) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:624:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &uc, 1) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:645:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &uc, 1) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:674:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, short_buf, 1) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:681:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, short_buf, 2) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:734:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &uc, 1) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:764:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &wait_local, 1) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:765:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, &end, 1) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:766:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, delay_buf, 4) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:809:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &wait_local, 1) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:810:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, &end, 1) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:811:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, clock_buf, 4) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:812:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, usecs_buf, 4) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:861:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, count_buf, 4) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:880:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &state, 1) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:881:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, clock_buf, 4) < 0
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:882:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(xsvf_fd, usecs_buf, 4) < 0) {
data/openocd-0.10.0+g20200819/src/xsvf/xsvf.c:968:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(xsvf_fd, &trst_mode, 1) < 0) {
ANALYSIS SUMMARY:
Hits = 1295
Lines analyzed = 307990 in approximately 7.48 seconds (41170 lines/second)
Physical Source Lines of Code (SLOC) = 217969
Hits@level = [0] 494 [1] 244 [2] 637 [3] 17 [4] 397 [5] 0
Hits@level+ = [0+] 1789 [1+] 1295 [2+] 1051 [3+] 414 [4+] 397 [5+] 0
Hits/KSLOC@level+ = [0+] 8.20759 [1+] 5.94121 [2+] 4.82179 [3+] 1.89935 [4+] 1.82136 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.