Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-sysv-ipc-1.0.0/common.c
Examining data/python-sysv-ipc-1.0.0/common.h
Examining data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c
Examining data/python-sysv-ipc-1.0.0/demos/sem_and_shm/md5.c
Examining data/python-sysv-ipc-1.0.0/demos/sem_and_shm/md5.h
Examining data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c
Examining data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c
Examining data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.h
Examining data/python-sysv-ipc-1.0.0/keys.c
Examining data/python-sysv-ipc-1.0.0/memory.c
Examining data/python-sysv-ipc-1.0.0/memory.h
Examining data/python-sysv-ipc-1.0.0/mq.c
Examining data/python-sysv-ipc-1.0.0/mq.h
Examining data/python-sysv-ipc-1.0.0/prober/probe_page_size.c
Examining data/python-sysv-ipc-1.0.0/prober/semtimedop_test.c
Examining data/python-sysv-ipc-1.0.0/prober/sniff_union_semun_defined.c
Examining data/python-sysv-ipc-1.0.0/semaphore.c
Examining data/python-sysv-ipc-1.0.0/semaphore.h
Examining data/python-sysv-ipc-1.0.0/sysv_ipc_module.c

FINAL RESULTS:

data/python-sysv-ipc-1.0.0/common.h:52:31: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
#define DPRINTF(fmt, args...) fprintf(stderr, "+++ " fmt, ## args)
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:84:29: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Read %zu characters '%s'", strlen((char *)address), (char *)address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:106:29: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Writing %zu characters '%s'", strlen(md5ified_message), md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:109:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy((char *)address, md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:111:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(last_message_i_wrote, md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:116:29: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Mismatch; rc = %d, new message is '%s', expected '%s'.", rc, (char *)address, md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:82:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy((char *)address, s);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:83:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(last_message_i_wrote, s);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:85:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Wrote %zu characters: %s", strlen(last_message_i_wrote), last_message_i_wrote);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:114:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Read %zu characters '%s'", strlen((char *)address), (char *)address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:126:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Read %zu characters '%s'", strlen((char *)address), (char *)address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:142:29: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Writing %zu characters '%s'", strlen(md5ified_message), md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:145:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy((char *)address, md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:146:29: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy((char *)last_message_i_wrote, md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:151:29: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(s, "Mismatch; new message is '%s', expected '%s'.", (char *)address, md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:210:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(s, pAscTime);
data/python-sysv-ipc-1.0.0/sysv_ipc_module.c:786:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
srand((unsigned int)time(NULL));
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:22:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[1024];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char last_message_i_wrote[256];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char md5ified_message[256];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:40:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Getting a handle to the semaphore failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:49:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Couldn't get a handle to the shared memory; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:53:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Shared memory's id is %d", shm_id);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:61:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Attaching the shared memory failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:65:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "shared memory address = %p", address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:72:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "iteration %d", i);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:114:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Shared memory corruption after %d iterations.", i);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:129:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Detaching the memory failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/md5.c:169:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(xbuf, data, 64);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/md5.c:343:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(pms->buf + offset, p, copy);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/md5.c:357:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(pms->buf, p, left);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:25:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[1024];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char last_message_i_wrote[256];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char md5ified_message[256];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:45:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Creating the shared memory failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:49:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Shared memory's id is %d", shm_id);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:57:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Attaching the shared memory failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:61:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "shared memory address = %p", address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:72:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Creating the semaphore failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:76:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "the semaphore id is %d", sem_id);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:90:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "iteration %d", i);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:149:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Shared memory corruption after %d iterations.", i);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:177:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
sprintf(s, "Detaching the memory failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:184:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Removing the memory failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:193:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Removing the semaphore failed; errno is %d", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:28:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&outString[i * 2], "%02x", digest[i]);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timestamp[256];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[1024];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:60:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Releasing the semaphore failed; errno is %d\n", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:72:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char s[1024];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:81:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "Acquiring the semaphore failed; errno is %d\n", errno);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:91:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[1024];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:92:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[1024];
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:97:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fp = fopen("params.txt", "r");
data/python-sysv-ipc-1.0.0/memory.c:338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"key", "flags", "mode", "size", "init_character", NULL};
data/python-sysv-ipc-1.0.0/memory.c:472:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char *keyword_list[ ] = {"address", "flags", NULL};
data/python-sysv-ipc-1.0.0/memory.c:536:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"byte_count", "offset", NULL};
data/python-sysv-ipc-1.0.0/memory.c:619:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"s", "offset", NULL};
data/python-sysv-ipc-1.0.0/memory.c:674:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((self->address + offset), data.buf, data.len);
data/python-sysv-ipc-1.0.0/mq.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"key", "flags", "mode", "max_message_size", NULL};
data/python-sysv-ipc-1.0.0/mq.c:486:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"message", "block", "type", NULL};
data/python-sysv-ipc-1.0.0/mq.c:524:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p_msg->message, user_msg.buf, user_msg.len);
data/python-sysv-ipc-1.0.0/mq.c:589:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"block", "type", NULL};
data/python-sysv-ipc-1.0.0/semaphore.c:172:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[3][3] = {
data/python-sysv-ipc-1.0.0/semaphore.c:463:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"key", "flags", "mode", "initial_value", NULL};
data/python-sysv-ipc-1.0.0/sysv_ipc_module.c:77:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"id", "address", "flags", NULL};
data/python-sysv-ipc-1.0.0/sysv_ipc_module.c:121:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *keyword_list[ ] = {"path", "id", "silence_warning", NULL};
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:84:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(s, "Read %zu characters '%s'", strlen((char *)address), (char *)address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/conclusion.c:106:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(s, "Writing %zu characters '%s'", strlen(md5ified_message), md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:85:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(s, "Wrote %zu characters: %s", strlen(last_message_i_wrote), last_message_i_wrote);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:114:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(s, "Read %zu characters '%s'", strlen((char *)address), (char *)address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:126:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(s, "Read %zu characters '%s'", strlen((char *)address), (char *)address);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/premise.c:142:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(s, "Writing %zu characters '%s'", strlen(md5ified_message), md5ified_message);
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:24:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_append(&state, (const md5_byte_t *)inString, strlen(inString));
data/python-sysv-ipc-1.0.0/demos/sem_and_shm/utils.c:100:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) && ('#' == line[0]))

ANALYSIS SUMMARY:

Hits = 75
Lines analyzed = 4717 in approximately 0.14 seconds (33495 lines/second)
Physical Source Lines of Code (SLOC) = 3374
Hits@level = [0] 4 [1] 8 [2] 50 [3] 1 [4] 16 [5] 0
Hits@level+ = [0+] 79 [1+] 75 [2+] 67 [3+] 17 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 23.4143 [1+] 22.2288 [2+] 19.8577 [3+] 5.03853 [4+] 4.74215 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.