Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ossp-uuid-1.6.2/pgsql/uuid.c
Examining data/ossp-uuid-1.6.2/php/uuid.c
Examining data/ossp-uuid-1.6.2/uuid++.cc
Examining data/ossp-uuid-1.6.2/uuid.c
Examining data/ossp-uuid-1.6.2/uuid_ac.h
Examining data/ossp-uuid-1.6.2/uuid_bm.h
Examining data/ossp-uuid-1.6.2/uuid_dce.c
Examining data/ossp-uuid-1.6.2/uuid_dce.h
Examining data/ossp-uuid-1.6.2/uuid_mac.c
Examining data/ossp-uuid-1.6.2/uuid_mac.h
Examining data/ossp-uuid-1.6.2/uuid_md5.c
Examining data/ossp-uuid-1.6.2/uuid_md5.h
Examining data/ossp-uuid-1.6.2/uuid_prng.c
Examining data/ossp-uuid-1.6.2/uuid_prng.h
Examining data/ossp-uuid-1.6.2/uuid_sha1.c
Examining data/ossp-uuid-1.6.2/uuid_sha1.h
Examining data/ossp-uuid-1.6.2/uuid_str.c
Examining data/ossp-uuid-1.6.2/uuid_str.h
Examining data/ossp-uuid-1.6.2/uuid_time.c
Examining data/ossp-uuid-1.6.2/uuid_time.h
Examining data/ossp-uuid-1.6.2/uuid_ui128.c
Examining data/ossp-uuid-1.6.2/uuid_ui128.h
Examining data/ossp-uuid-1.6.2/uuid_ui64.c
Examining data/ossp-uuid-1.6.2/uuid_ui64.h
Examining data/ossp-uuid-1.6.2/uuid_vers.h
Examining data/ossp-uuid-1.6.2/uuid_cli.c

FINAL RESULTS:

data/ossp-uuid-1.6.2/uuid_cli.c:50:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, str, ap);
data/ossp-uuid-1.6.2/uuid_cli.c:65:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, str, ap);
data/ossp-uuid-1.6.2/uuid_cli.c:102:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt(argc, argv, "1n:rF:dmo:v:h")) != -1) {
data/ossp-uuid-1.6.2/uuid_prng.c:97:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned int)(
data/ossp-uuid-1.6.2/pgsql/uuid.c:52:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char uuid_bin[UUID_LEN_BIN];
data/ossp-uuid-1.6.2/pgsql/uuid.c:181:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(uuid_datum->uuid_bin, uuid_internal->data, uuid_internal->len);
data/ossp-uuid-1.6.2/pgsql/uuid.c:208:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(uuid_bytea->vl_dat, uuid_datum->uuid_bin, UUID_LEN_BIN);
data/ossp-uuid-1.6.2/php/uuid.c:102:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char version[32];
data/ossp-uuid-1.6.2/php/uuid.c:105:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(version, "%lx", uuid_version());
data/ossp-uuid-1.6.2/uuid.c:184:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(obj, uuid, sizeof(uuid_t));
data/ossp-uuid-1.6.2/uuid.c:429:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hexbuf[3];
data/ossp-uuid-1.6.2/uuid.c:652:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_str[UUID_LEN_STR+1];
data/ossp-uuid-1.6.2/uuid.c:653:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp_siv[UUID_LEN_SIV+1];
data/ossp-uuid-1.6.2/uuid.c:661:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char t_buf[19+1]; /* YYYY-MM-DD HH:MM:SS */
data/ossp-uuid-1.6.2/uuid.c:812:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(*data_ptr, out_ptr, out_len);
data/ossp-uuid-1.6.2/uuid.c:979:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(uuid->obj.node, uuid->mac, sizeof(uuid->mac));
data/ossp-uuid-1.6.2/uuid.c:1154:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(uuid_ptr, sha1_ptr, UUID_LEN_BIN);
data/ossp-uuid-1.6.2/uuid_cli.c:77:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char uuid_buf_bin[UUID_LEN_BIN];
data/ossp-uuid-1.6.2/uuid_cli.c:78:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char uuid_buf_str[UUID_LEN_STR+1];
data/ossp-uuid-1.6.2/uuid_cli.c:79:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char uuid_buf_siv[UUID_LEN_SIV+1];
data/ossp-uuid-1.6.2/uuid_cli.c:133:27: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(optarg, "w")) == NULL)
data/ossp-uuid-1.6.2/uuid_dce.h:60:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char data[16];
data/ossp-uuid-1.6.2/uuid_mac.c:135:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ifr.ifr_name, "eth0");
data/ossp-uuid-1.6.2/uuid_mac.c:151:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char hostname[MAXHOSTNAMELEN];
data/ossp-uuid-1.6.2/uuid_mac.c:167:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&(sa->sin_addr), *(he->h_addr_list), sizeof(struct in_addr));
data/ossp-uuid-1.6.2/uuid_md5.c:101:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buffer[64]; /* input buffer */
data/ossp-uuid-1.6.2/uuid_md5.c:113:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static unsigned char PADDING[64] = {
data/ossp-uuid-1.6.2/uuid_md5.c:187:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((POINTER)&context->buffer[idx], (POINTER)input, (size_t)partLen);
data/ossp-uuid-1.6.2/uuid_md5.c:197:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((POINTER)&context->buffer[idx], (POINTER)&input[i], (size_t)(inputLen - i));
data/ossp-uuid-1.6.2/uuid_md5.c:206:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char bits[8];
data/ossp-uuid-1.6.2/uuid_md5.c:421:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((void *)(&ctx), (void *)(&(md5->ctx)), sizeof(MD5_CTX));
data/ossp-uuid-1.6.2/uuid_md5.c:429:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[MD5_LEN_BIN];
data/ossp-uuid-1.6.2/uuid_prng.c:77:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd = open("/dev/urandom", O_RDONLY)) == -1)
data/ossp-uuid-1.6.2/uuid_prng.c:78:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd = open("/dev/random", O_RDONLY|O_NONBLOCK);
data/ossp-uuid-1.6.2/uuid_prng.c:117:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char md5_buf[MD5_LEN_BIN];
data/ossp-uuid-1.6.2/uuid_sha1.c:399:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((void *)(&ctx), (void *)(&(sha1->ctx)), sizeof(SHA1Context));
data/ossp-uuid-1.6.2/uuid_sha1.c:408:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[SHA1_LEN_BIN];
data/ossp-uuid-1.6.2/uuid_str.c:418:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char convert[20];
data/ossp-uuid-1.6.2/uuid_str.c:533:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char iconvert[20];
data/ossp-uuid-1.6.2/uuid_str.c:534:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fconvert[20];
data/ossp-uuid-1.6.2/uuid_ui128.c:42:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    #define UIXX_T(n) struct { unsigned char x[n]; }
data/ossp-uuid-1.6.2/uuid_ui128.c:282:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z.x, zx.x, UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:284:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((*ov).x, &zx.x[UI128_DIGITS], UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:367:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(rx.x, x.x, UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:383:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dq.x, t.x, UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:390:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dq.x, t.x, UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:405:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(r.x, rx.x, m);
data/ossp-uuid-1.6.2/uuid_ui128.c:518:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z.x, zx.x, UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:520:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((*ov).x, &zx.x[UI128_DIGITS], UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:566:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z.x, &zx.x[UI128_DIGITS], UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.c:568:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((*ov).x, zx.x, UI128_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui128.h:72:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char x[16]; /* x_0, ..., x_15 */
data/ossp-uuid-1.6.2/uuid_ui64.c:42:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    #define UIXX_T(n) struct { unsigned char x[n]; }
data/ossp-uuid-1.6.2/uuid_ui64.c:282:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z.x, zx.x, UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:284:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((*ov).x, &zx.x[UI64_DIGITS], UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:367:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(rx.x, x.x, UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:383:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dq.x, t.x, UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:390:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dq.x, t.x, UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:405:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(r.x, rx.x, m);
data/ossp-uuid-1.6.2/uuid_ui64.c:518:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z.x, zx.x, UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:520:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((*ov).x, &zx.x[UI64_DIGITS], UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:566:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(z.x, &zx.x[UI64_DIGITS], UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.c:568:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((*ov).x, zx.x, UI64_DIGITS);
data/ossp-uuid-1.6.2/uuid_ui64.h:72:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char x[8]; /* x_0, ..., x_7 */
data/ossp-uuid-1.6.2/pgsql/uuid.c:85:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((len = strlen(uuid_str)) != UUID_LEN_STR)
data/ossp-uuid-1.6.2/pgsql/uuid.c:260:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((rc = uuid_import(uuid_ns, UUID_FMT_STR, str_ns, strlen(str_ns))) != UUID_RC_OK)
data/ossp-uuid-1.6.2/php/uuid.c:462:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data_len = strlen((char *)data_ptr);
data/ossp-uuid-1.6.2/uuid.c:408:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str_len = strlen(str);
data/ossp-uuid-1.6.2/uuid.c:801:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    out_len = strlen(out_ptr)+1;
data/ossp-uuid-1.6.2/uuid.c:1077:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (md5_update(uuid->md5, str, strlen(str)) != MD5_RC_OK)
data/ossp-uuid-1.6.2/uuid.c:1143:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sha1_update(uuid->sha1, str, strlen(str)) != SHA1_RC_OK)
data/ossp-uuid-1.6.2/uuid_cli.c:199:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((rc = uuid_import(uuid, UUID_FMT_STR, argv[0], strlen(argv[0]))) != UUID_RC_OK)
data/ossp-uuid-1.6.2/uuid_cli.c:203:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((rc = uuid_import(uuid, UUID_FMT_SIV, argv[0], strlen(argv[0]))) != UUID_RC_OK)
data/ossp-uuid-1.6.2/uuid_cli.c:226:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(argv[0]) != UUID_LEN_STR)
data/ossp-uuid-1.6.2/uuid_cli.c:228:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((rc = uuid_import(uuid, UUID_FMT_STR, argv[0], strlen(argv[0]))) != UUID_RC_OK)
data/ossp-uuid-1.6.2/uuid_cli.c:240:75: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((rc = uuid_import(uuid_ns, UUID_FMT_STR, argv[0], strlen(argv[0]))) != UUID_RC_OK)
data/ossp-uuid-1.6.2/uuid_prng.c:138:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    i = (int)read(prng->dev, (void *)p, n);
data/ossp-uuid-1.6.2/uuid_str.c:735:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rv = strlen(*str);
data/ossp-uuid-1.6.2/uuid_str.c:739:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(*str);

ANALYSIS SUMMARY:

Hits = 79
Lines analyzed = 7397 in approximately 0.27 seconds (27281 lines/second)
Physical Source Lines of Code (SLOC) = 4985
Hits@level = [0] 12 [1] 15 [2] 60 [3] 2 [4] 2 [5] 0
Hits@level+ = [0+] 91 [1+] 79 [2+] 64 [3+] 4 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 18.2548 [1+] 15.8475 [2+] 12.8385 [3+] 0.802407 [4+] 0.401204 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.