Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp
Examining data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.h
Examining data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp
Examining data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/include/librejistry++.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/BinaryBlock.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/BinaryBlock.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Buffer.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Buffer.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Cell.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Cell.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/DBIndirectRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/DBIndirectRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/DBRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/DBRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/DirectSubkeyListRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/DirectSubkeyListRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/EmptySubkeyList.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/HBIN.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/HBIN.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/LFRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/LFRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/LHRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/LHRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/LIRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/LIRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/NKRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/NKRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/REGFHeader.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/REGFHeader.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RIRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RIRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Record.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Record.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryByteBuffer.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryByteBuffer.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryHive.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryHiveBuffer.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryHiveBuffer.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryHiveFile.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryHiveFile.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryKey.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryKey.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryParseException.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryValue.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RegistryValue.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Rejistry.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/Rejistry.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RejistryException.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/RejistryException.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/SubkeyListRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/SubkeyListRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/VKRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/VKRecord.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/ValueData.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/ValueData.h
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/ValueListRecord.cpp
Examining data/sleuthkit-4.10.0+dfsg/rejistry++/src/ValueListRecord.h
Examining data/sleuthkit-4.10.0+dfsg/samples/callback-cpp-style.cpp
Examining data/sleuthkit-4.10.0+dfsg/samples/callback-style.cpp
Examining data/sleuthkit-4.10.0+dfsg/samples/posix-cpp-style.cpp
Examining data/sleuthkit-4.10.0+dfsg/samples/posix-style.cpp
Examining data/sleuthkit-4.10.0+dfsg/tests/fs_attrlist_apis.cpp
Examining data/sleuthkit-4.10.0+dfsg/tests/fs_fname_apis.cpp
Examining data/sleuthkit-4.10.0+dfsg/tests/fs_thread_test.cpp
Examining data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp
Examining data/sleuthkit-4.10.0+dfsg/tests/tsk_thread.cpp
Examining data/sleuthkit-4.10.0+dfsg/tests/tsk_thread.h
Examining data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.h
Examining data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_gettimes.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_loaddb.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/plugins/jpeg_extract.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/arff.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/arff.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/base64.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/base64.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hash_t.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hexbuf.c
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hexbuf.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/unicode_escape.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/unicode_escape.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.c
Examining data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.h
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/blkcalc.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/blkcat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/blkls.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/blkstat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/fcat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/ffind.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/fls.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/fscheck.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/fsstat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/icat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/ifind.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/ils.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/istat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/jcat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/jls.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/fstools/usnjls.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/hashtools/hfind.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/hashtools/md5.c
Examining data/sleuthkit-4.10.0+dfsg/tools/hashtools/sha1.c
Examining data/sleuthkit-4.10.0+dfsg/tools/imgtools/img_cat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/imgtools/img_stat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/DriveUtil.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/DriveUtil.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/FileExtractor.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/FileExtractor.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerConfiguration.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerConfiguration.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerDateRule.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerDateRule.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerExtensionRule.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerExtensionRule.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerFilenameRule.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerFilenameRule.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerPathRule.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerPathRule.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerRuleBase.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerRuleBase.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerRuleSet.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerRuleSet.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerSizeRule.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/LogicalImagerSizeRule.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/MatchedRuleInfo.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/MatchedRuleInfo.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegFileInfo.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegFileInfo.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegHiveType.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegKey.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegKey.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegParser.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegParser.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegVal.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegVal.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryAnalyzer.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryAnalyzer.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryLoader.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryLoader.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/ReportUtil.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/ReportUtil.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskFindFiles.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskFindFiles.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/UserAccount.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/UserAccount.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/Version.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h
Examining data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/pooltools/pstat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/srchtools/sigfind.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/srchtools/srch_strings.c
Examining data/sleuthkit-4.10.0+dfsg/tools/vstools/mmcat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/vstools/mmls.cpp
Examining data/sleuthkit-4.10.0+dfsg/tools/vstools/mmstat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/auto.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/auto_db.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/case_db.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/guid.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/guid.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/is_image_supported.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_auto.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_auto_i.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_case_db.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db_sqlite.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_is_image_supported.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/XGetopt.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/crc.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/crc.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/md5c.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/mymalloc.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/sha1c.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base_i.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_endian.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error_win32.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_list.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_lock.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_parse.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_stack.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_unicode.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_version.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_open.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/dcalc_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/dcat_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/dls_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/dstat_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs_dent.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs_journal.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_dent.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_meta.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_utils.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatxxfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatxxfs_dent.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fatxxfs_meta.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ffind_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs_dent.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fls_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attrlist.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_block.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_file.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_inode.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_io.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_load.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_open.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_parse.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_types.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_journal.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_unicompare.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/icat_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ifind_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660_dent.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/nofs_misc.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/rawfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/swapfs.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_exfatfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ext2fs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fatfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fatxxfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ffs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs_i.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_hfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ntfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_yaffs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/unix_misc.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/usn_journal.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/usnjls_lib.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/walk_cpp.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hdb_base.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/idxonly.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hash_info.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hashdb.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hashdb.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hashdb_i.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/aff.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/img_types.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/img_writer.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/img_writer.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/mult_files.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/pool.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/raw.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/raw.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img_i.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/vhd.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/vhd.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/vmdk.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/img/vmdk.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/libtsk.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/apfs_pool.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/apfs_pool_compat.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/apfs_pool_compat.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/pool_compat.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/pool_open.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/pool_read.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/pool_types.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/tsk_apfs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/tsk_apfs.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/tsk_pool.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/pool/tsk_pool.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/tsk_tools_i.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/util/lw_shared_ptr.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/util/span.hpp
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/dos.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/gpt.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/mac.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/mm_io.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/mm_open.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/mm_part.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/mm_types.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_bsd.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_dos.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_gpt.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_mac.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_sun.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_vs.h
Examining data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_vs_i.h
Examining data/sleuthkit-4.10.0+dfsg/unit_tests/base/errors_test.cpp
Examining data/sleuthkit-4.10.0+dfsg/unit_tests/base/errors_test.h
Examining data/sleuthkit-4.10.0+dfsg/unit_tests/base/test_base.cpp
FINAL RESULTS:
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:93:9: [5] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
wcsncat(fullpath, a_dir, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:95:5: [5] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
wcsncat(fullpath, L"\\*", TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:115:9: [5] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
wcsncat(file, L"\\", TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:116:9: [5] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
wcsncat(file, ffd.cFileName, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp:75:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(parent_path, path, MAX_PATH_LENGTH);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:803:17: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(a_dinfo->dirs, "/", DIR_STRSZ);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:548:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cPath, pathLength + 1, "%" PRIttocTSK, dbPath);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:586:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(cPath, pathLength + 1, "%" PRIttocTSK, indexPath);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/plugins/jpeg_extract.cpp:22:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmdbuf,"exif -m %s 2>/dev/null",argv[1]);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/plugins/jpeg_extract.cpp:23:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *f = popen(cmdbuf,"r");
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/arff.cpp:254:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf,"%" PRIu64,value);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:125:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname,filename.c_str()); // just use the filename as is the first time
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:135:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fname,sizeof(fname),fmtstring.c_str(),i);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:228:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *f = popen(cmd,"r");
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:68:4: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
mktemp(tmpl);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:248:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int size = vsnprintf(buf,sizeof(buf),fmt,ap);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:258:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void xml::printf(const char *fmt,...)
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.h:143:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf(const char *fmt,...) __attribute__((format(printf, 2, 3))); // "2" because this is "1"
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.h:143:60: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf(const char *fmt,...) __attribute__((format(printf, 2, 3))); // "2" because this is "1"
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.h:145:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf(const char *fmt,...);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.h:169:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5))); // "4" because this is "1";
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:215:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf,sizeof(buf),format,ap);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:605:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(save_outdir.c_str(),F_OK)){
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:614:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(save_outdir.c_str(),R_OK)){
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:620:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(text_fn,F_OK)==0) errx(1,"%s: file exists",text_fn);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:626:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(arff_fn,F_OK)==0) errx(1,"%s: file exists",arff_fn);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:642:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(xml_fn->c_str(),F_OK)==0){
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:471:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if(sscanf(buf,fmt,filename,&start,chop,&length)==4){
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hexbuf.c:24:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dst,fmt,*bin); // convert the next byte
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp:35:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp:88:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(*lineptr, s.c_str());
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp:201:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *f = popen(cmd.c_str(),"r");
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.c:41:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr,fmt,ap);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.c:54:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr,fmt,ap);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.c:67:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr,fmt, args);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.c:78:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr,fmt,ap);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.h:39:66: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void err(int eval,const char *fmt,...) __attribute__((format(printf, 2, 0))) __attribute__ ((__noreturn__));
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.h:40:67: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void errx(int eval,const char *fmt,...) __attribute__((format(printf, 2, 0))) __attribute__ ((__noreturn__));
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.h:41:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void warn(const char *fmt, ...) __attribute__((format(printf, 1, 0)));
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.h:42:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void warnx(const char *fmt,...) __attribute__((format(printf, 1, 0)));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryAnalyzer.cpp:51:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(m_outputFile, headers[i]);
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryAnalyzer.cpp:52:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(m_outputFile, (i < headerCount - 1) ? "\t" : "\n");
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/ReportUtil.cpp:91:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), msg, args);
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.cpp:299:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpath, remainderPath.c_str());
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:3816:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(element_type));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:5472:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(current));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:6898:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(cs.data(), cs.size(), "<U+%.4X>", static_cast<unsigned char>(c));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:12408:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(string_buffer.data() + bytes, 7, "\\u%04x",
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:12414:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(string_buffer.data() + bytes, 13, "\\u%04x\\u%04x",
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:12452:35: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(&sn[0], sn.size(), "%.2X", byte);
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:12546:27: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(&sn[0], sn.size(), "%.2X", static_cast<std::uint8_t>(s.back()));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:12747:36: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
std::ptrdiff_t len = (std::snprintf)(number_buffer.data(), number_buffer.size(), "%.*g", d, x);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1559:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fsObjIdStr, 32, "%" PRIu64, fsObjId);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:26320:42: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
{ "access", (sqlite3_syscall_ptr)access, 0 },
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:42456:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define sqlite3DebugPrintf printf
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:53824:42: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define TRACE(X) if(sqlite3BtreeTrace){printf X;fflush(stdout);}
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67206:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(pOut, zFormat1, pc,
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:99293:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
FUNCTION(printf, -1, 0, 0, printfFunc ),
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:103146:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
char * (*snprintf)(int,char*,const char*,...);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:103258:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
char *(*vsnprintf)(int,char*,const char*,va_list);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:103398:53: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define sqlite3_snprintf sqlite3_api->snprintf
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:103497:53: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define sqlite3_uri_vsnprintf sqlite3_api->vsnprintf
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp:72:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parent_path, "%s", "/");
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp:93:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parent_name, "%s", chptr+1); // copy everything after slash into parent_name
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base.h:84:64: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TSK_ERROR_FORMAT_ATTRIBUTE(n,m) __attribute__((format (printf, n, m)))
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:200:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:210:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:220:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:230:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:240:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:250:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:260:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx],
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:265:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&errstr_print[pidx], TSK_ERROR_STRING_MAX_LENGTH - pidx,
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:330:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tsk_error_get_info()->errstr, TSK_ERROR_STRING_MAX_LENGTH,
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:344:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tsk_error_get_info()->errstr, TSK_ERROR_STRING_MAX_LENGTH,
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:371:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tsk_error_get_info()->errstr2, TSK_ERROR_STRING_MAX_LENGTH,
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:385:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tsk_error_get_info()->errstr2, TSK_ERROR_STRING_MAX_LENGTH,
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:404:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(&errstr2[current_length], remaining, format, args);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:110:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:110:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:146:18: [4] (format) fwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TFPRINTF fwprintf
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:198:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TFPRINTF fprintf
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:199:19: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define TSNPRINTF snprintf
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:53:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(cbuf, clen - 1, msg, *args);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:95:9: [4] (format) fwprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fwprintf(fd, _TSK_T("%s"), wbuf);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:98:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fd, msg, args);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:122:9: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(_TSK_T("%s"), wbuf);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:125:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(msg, args);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, str);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:370:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_name_info->fs_name->name, EXFATFS_EMPTY_VOLUME_LABEL_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:378:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(a_name_info->fs_name->name, tag);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:429:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_name_info->fs_name->name, EXFATFS_VOLUME_GUID_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:432:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_name_info->fs_name->name, EXFATFS_ALLOC_BITMAP_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:435:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_name_info->fs_name->name, EXFATFS_UPCASE_TABLE_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:438:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_name_info->fs_name->name, EXFATFS_TEX_FAT_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:441:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_name_info->fs_name->name, EXFATFS_ACT_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:844:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_fs_file->meta->name2->name, EXFATFS_EMPTY_VOLUME_LABEL_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:875:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_fs_file->meta->name2->name, EXFATFS_ALLOC_BITMAP_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:914:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_fs_file->meta->name2->name, EXFATFS_UPCASE_TABLE_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:1466:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_fs_file->meta->name2->name, EXFATFS_VOLUME_GUID_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:1473:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_fs_file->meta->name2->name, EXFATFS_TEX_FAT_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:1476:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a_fs_file->meta->name2->name, EXFATFS_ACT_DENTRY_NAME);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:855:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:1133:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:1188:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(data->fs_name->name, data->fs_name->name_size,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:6640:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((char *) fs->fs_id, 17, "%08" PRIx32 "%08" PRIx32,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:6791:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(loc_errstr + sl, TSK_ERROR_STRING_MAX_LENGTH - sl,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:6823:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(loc_errstr2 + sl, TSK_ERROR_STRING_MAX_LENGTH - sl,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:3312:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(sid_str, "S-1-%" PRIu64, authority);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:3316:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(sid_str_offset, "-%" PRIu32, sid->sub_auth[i]);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1053:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (0 != system(buf)) {
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:595:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_buffer, key);
data/sleuthkit-4.10.0+dfsg/tools/srchtools/sigfind.cpp:61:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "b:lo:t:V")) > 0) {
data/sleuthkit-4.10.0+dfsg/tools/srchtools/srch_strings.c:273:24: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((optc = getopt(argc, argv, "afhHn:ot:e:Vv0123456789")) != EOF) {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:20385:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&winMutex_staticMutexes[i].mutex);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:20479:9: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&p->mutex);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:20545:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&p->mutex);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:28823:10: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
lk = random();
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31411:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[1] ) azDirs[1] = getenv("SQLITE_TMPDIR");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31412:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[2] ) azDirs[2] = getenv("TMPDIR");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31845:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *envforce = getenv("SQLITE_FORCE_PROXY_LOCKING");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:38131:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[0] ) azDirs[0] = getenv("SQLITE_TMPDIR");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:38132:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[1] ) azDirs[1] = getenv("TMPDIR");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:38133:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[2] ) azDirs[2] = getenv("TMP");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:38134:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[3] ) azDirs[3] = getenv("TEMP");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:38135:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( !azDirs[4] ) azDirs[4] = getenv("USERPROFILE");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:99311:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
VFUNCTION(random, 0, 0, 0, randomFunc ),
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_lock.c:19:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&lock->critical_section);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_lock.c:31:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&lock->critical_section);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:209:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
#define GETOPT getopt // points to system char * version
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:993:9: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
CreateProcess(NULL, buf, NULL, NULL, FALSE, 0, NULL, NULL,
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:993:9: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
CreateProcess(NULL, buf, NULL, NULL, FALSE, 0, NULL, NULL,
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:577:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension[24] = "";
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:845:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envstr[70];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:1588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_buf [FIXED_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:1652:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_buf[FIXED_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:1716:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_buf [FIXED_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:1781:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_buf [FIXED_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:1845:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_buf [FIXED_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:1919:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed_buf [FIXED_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:2003:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *hFile = fopen(str8, "w");
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp:67:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_buffer[0], buf, length);
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp:99:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst[0], &_buffer[_position + offset], length);
data/sleuthkit-4.10.0+dfsg/samples/callback-cpp-style.cpp:106:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[16];
data/sleuthkit-4.10.0+dfsg/samples/callback-cpp-style.cpp:180:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fs_info->open(img_info, start, TSK_FS_TYPE_DETECT))
data/sleuthkit-4.10.0+dfsg/samples/callback-cpp-style.cpp:242:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (vs_info->open(img_info, start, TSK_VS_TYPE_DETECT)) {
data/sleuthkit-4.10.0+dfsg/samples/callback-cpp-style.cpp:315:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (img_info->open(argv[1], TSK_IMG_TYPE_DETECT, 0) == 1) {
data/sleuthkit-4.10.0+dfsg/samples/callback-style.cpp:106:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[16];
data/sleuthkit-4.10.0+dfsg/samples/posix-cpp-style.cpp:62:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fs_dir->open(fs_info, dir_inum)) == 1) {
data/sleuthkit-4.10.0+dfsg/samples/posix-cpp-style.cpp:209:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fs_info->open(img_info, start, TSK_FS_TYPE_DETECT)) == 1)
data/sleuthkit-4.10.0+dfsg/samples/posix-cpp-style.cpp:259:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((vs_info->open(img_info, start, TSK_VS_TYPE_DETECT)) == 1) {
data/sleuthkit-4.10.0+dfsg/samples/posix-cpp-style.cpp:327:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
img_info->open((const TSK_TCHAR *) argv[1],
data/sleuthkit-4.10.0+dfsg/tests/fs_attrlist_apis.cpp:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/fs_attrlist_apis.cpp:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/fs_fname_apis.cpp:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/fs_fname_apis.cpp:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/fs_fname_apis.cpp:441:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/fs_thread_test.cpp:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/sleuthkit-4.10.0+dfsg/tests/fs_thread_test.cpp:130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logname[256];
data/sleuthkit-4.10.0+dfsg/tests/fs_thread_test.cpp:131:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logname, "thread-%d.log", m_id);
data/sleuthkit-4.10.0+dfsg/tests/fs_thread_test.cpp:133:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* log = fopen(logname, "w");
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:479:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:641:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tests/read_apis.cpp:679:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:85:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t fullpath[TSK_CD_BUFSIZE];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file8[TSK_CD_BUFSIZE];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:104:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t message[64];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:113:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t file[TSK_CD_BUFSIZE];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[TSK_CD_BUFSIZE];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullPath[TSK_CD_BUFSIZE];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_vsName[FILENAME_MAX];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path8[FILENAME_MAX];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:148:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t path16[FILENAME_MAX];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:164:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t path16full[FILENAME_MAX+1];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name8[FILENAME_MAX];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:210:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t name16[FILENAME_MAX];
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:307:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hFile = fopen(fbuf, "w+")) == NULL) {
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/plugins/jpeg_extract.cpp:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[1024]; // command buffer
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/plugins/jpeg_extract.cpp:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/arff.cpp:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/arff.cpp:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/arff.h:72:46: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void set_outfile(string fn) { outfile = fopen(fn.c_str(),"w"); if(!outfile){perror(fn.c_str());exit(1);} }
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/base64.cpp:130:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[3];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/base64.cpp:131:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[4];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAXPATHLEN];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:137:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fname,O_WRONLY|O_TRUNC|O_CREAT|O_EXCL|O_BINARY,0777); // try to open
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:256:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:258:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf," <byte_run file_offset='%" PRIu64 "' fill='0' len='%" PRIu64 "'", i->file_offset,i->len);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:260:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:265:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:270:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:274:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:279:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf," <byte_run file_offset='%" PRIu64 "' unknown_flags='%d'",i->file_offset,i->flags);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/content.cpp:419:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nulls[65536];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:65:5: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int mkstemp(char *tmpl)
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:69:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret=open(tmpl,O_RDWR|O_BINARY|O_CREAT|O_EXCL|_O_SHORT_LIVED, _S_IREAD|_S_IWRITE);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/dfxml.cpp:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:249:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%ld",i);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:256:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.%06d",(int)ts.tv_sec, (int)ts.tv_usec);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:378:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:621:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t = fopen(text_fn,"w");
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:739:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tvbuf[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk.cpp:748:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tvbuf, "%d.%06d",(int)tv.tv_sec, (int)tv.tv_usec);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[64];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:461:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(audit_file,"r");
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:465:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[13];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/fiwalk_tsk.cpp:467:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chop[4];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hash_t.h:106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this->digest,provided,this->SIZE);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hash_t.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[this->SIZE*2+1];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/hash_t.h:281:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fname,O_RDONLY
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[5];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c:209:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char str[2];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c:212:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[5];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp:257:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fname,"r");
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/plugin.cpp:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[1024];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:561:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:578:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 7],
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:680:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 7],
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:763:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->block[ctx->len], message, rem_len);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->block, &shifted_message[block_nb << 6],
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:834:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2 * SHA512_DIGEST_SIZE + 1];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:840:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + 2 * i, "%02x", digest[i]);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:852:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *vectors[4][3] =
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:893:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA512_DIGEST_SIZE];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.h:61:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA256_BLOCK_SIZE];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.h:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[2 * SHA512_BLOCK_SIZE];
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/unicode_escape.cpp:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/hfind.cpp:243:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htmp[128];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/hfind.cpp:286:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/hfind.cpp:306:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(lookup_file, "r");
data/sleuthkit-4.10.0+dfsg/tools/hashtools/md5.c:45:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(*argv, "r")) == 0) {
data/sleuthkit-4.10.0+dfsg/tools/hashtools/md5.c:62:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sum[MD5_HASH_LENGTH];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/md5.c:63:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUFSIZ];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/md5.c:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[2 * MD5_HASH_LENGTH + 1];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/sha1.c:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sum[SHA_HASH_LENGTH];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/sha1.c:47:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[SHA_BUFSIZ];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/sha1.c:49:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[2 * SHA_HASH_LENGTH + 1];
data/sleuthkit-4.10.0+dfsg/tools/hashtools/sha1.c:86:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(*argv, "r")) == 0) {
data/sleuthkit-4.10.0+dfsg/tools/imgtools/img_cat.cpp:163:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16 * 1024];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/DriveUtil.cpp:43:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t drive[3];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/DriveUtil.cpp:508:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char physical[60000];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/FileExtractor.cpp:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16 * 1024];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegKey.h:33:46: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void getModifyTime(FILETIME& ft) const { memcpy((void *)&ft, (void *)&m_modifyTime, sizeof(FILETIME)); };
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryAnalyzer.cpp:39:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_outputFile = fopen(m_outputFilePath.c_str(), "w");
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryAnalyzer.cpp:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStr[32];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryLoader.cpp:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[_MAX_DRIVE];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryLoader.cpp:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[_MAX_DIR];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryLoader.cpp:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[_MAX_FNAME];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/RegistryLoader.cpp:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[_MAX_EXT];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/ReportUtil.cpp:64:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
reportFile = fopen(reportFilename.c_str(), "w");
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/ReportUtil.cpp:73:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
consoleFile = fopen(consoleFileName.c_str(), "w");
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/ReportUtil.cpp:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.cpp:761:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:5415:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&result, vec.data(), sizeof(NumberType));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:10860:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vec.data(), &n, sizeof(NumberType));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:10891:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&result, &x, sizeof(x));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:10987:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&target, &source, sizeof(Source));
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStr[32];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:191:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDrive[_MAX_DRIVE + 1];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:192:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szDrive, "%c:\\", iDrive + 'A');
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:195:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szDrive, "%c:", iDrive + 'A');
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:206:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDrive[_MAX_DRIVE + 1];
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:207:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szDrive, "%c:\\", iDrive + 'A');
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/tsk_logical_imager.cpp:210:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szDrive, "%c:", iDrive + 'A');
data/sleuthkit-4.10.0+dfsg/tools/srchtools/srch_strings.c:230:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define file_open(s,m) fopen(s, m)
data/sleuthkit-4.10.0+dfsg/tools/srchtools/srch_strings.c:464:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/sleuthkit-4.10.0+dfsg/tsk/auto/auto_db.cpp:905:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[16];
data/sleuthkit-4.10.0+dfsg/tsk/auto/auto_db.cpp:1002:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TskAutoDb::md5HashAttr(unsigned char md5Hash[16], const TSK_FS_ATTR * fs_attr)
data/sleuthkit-4.10.0+dfsg/tsk/auto/case_db.cpp:70:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (db->open(true)) {
data/sleuthkit-4.10.0+dfsg/tsk/auto/case_db.cpp:100:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (db->open(false)) {
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:560:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TskDbSqlite::open(bool a_toInit)
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:675:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmt[1024];
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:746:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:772:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:895:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension[24] = "";
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5Text[48];
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1303:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&(md5Text[i * 2]), "%x%x", (md5[i] >> 4) & 0xf,
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1452:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsObjIdStr[32];
data/sleuthkit-4.10.0+dfsg/tsk/auto/guid.cpp:192:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char byteArray[16] =
data/sleuthkit-4.10.0+dfsg/tsk/auto/guid.cpp:222:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char bytes[16] =
data/sleuthkit-4.10.0+dfsg/tsk/auto/guid.cpp:266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[16] =
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:12365:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSelName[12]; /* Symbolic name of this SELECT use for debugging */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:12551:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char yDbMask[(SQLITE_MAX_ATTACHED+9)/8];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:13974:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SQLITE_PRIVATE const unsigned char sqlite3CtypeMap[256] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:14900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[100]; /* Initial space */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:15990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *z, zBuf[30];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:16256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:16276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:16295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:16332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:16520:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[20];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:17527:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zTitle[100]; /* The title text */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:17697:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBt, &aAddr[1], pHdr->nBacktrace*sizeof(void*));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:17706:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, mem.zTitle, mem.nTitle);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:17773:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, pPrior, (int)(nByte<pOldHdr->iSize ? nByte : pOldHdr->iSize));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:17879:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem.zTitle, zTitle, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:17903:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zFilename, "w");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:18492:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pPrior, nOld);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:18494:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pPrior, nBytes);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:18550:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zFilename, "w");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:19048:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pPrior, nOld);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:19170:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zFilename, "w");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:21358:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, p, db->lookaside.sz);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:21406:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zNew, z, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:21418:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zNew, z, (size_t)n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:21678:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[etBUFSIZE]; /* Conversion buffer */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22248:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( zOld==0 && p->nChar>0 ) memcpy(zNew, p->zText, p->nChar);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22282:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->zText[p->nChar], z, N);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22301:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->zText[p->nChar-N], z, N);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22324:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zText, p->zBase, p->nChar+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[SQLITE_PRINT_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[SQLITE_PRINT_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zMsg[SQLITE_PRINT_BUF_SIZE*3]; /* Complete log message */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22519:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[500];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22599:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[500];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22651:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLine[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:22723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zFlgs[30];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23003:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[256]; /* State variables */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23056:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char k[256];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23097:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23599:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23709:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:23866:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zBuf[20];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:24522:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut, &u, 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:24563:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pValue, &u, 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:24997:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x,p,4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25001:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x,p,4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25005:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x,p,4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25014:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&v,4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25017:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&x,4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25020:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p,&x,4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a, &x, 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:25997:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aPadding[32];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:26283:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(zFile, flags, mode);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:26869:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->zCanonicalName, zAbsoluteName, n+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:27047:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aSemName[MAX_PATHNAME+2]; /* Name of that semaphore */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:27087:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aErr[80];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:27275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pInode->fileId, &fileId, sizeof(fileId));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29179:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], amt);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29183:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29298:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldCntr[4];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29314:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, amt);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29318:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zDirname[MAX_PATHNAME+1];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31565:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zDb[MAX_PATHNAME+1]; /* Database file path */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31592:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDb, zPath, nDb);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zTmpname[MAX_PATHNAME+2];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31851:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
useProxy = atoi(envforce)>0;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32104:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zBuf, &t, sizeof(t));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32105:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[sizeof(t)], &randomnessPid, sizeof(randomnessPid));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPATHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tPath[MAXPATHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32627:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PROXY_MAXCONCHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32631:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[64] = "";
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32720:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tBuf[PROXY_MAXCONCHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32770:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readBuf[PROXY_MAXCONCHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32771:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lockPath[MAXPATHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32827:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockPath, &readBuf[PROXY_PATHINDEX], pathLen);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32873:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char writeBuffer[PROXY_MAXCONCHLEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32877:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&writeBuffer[PROXY_HEADERLEN], myHostID, PROXY_HOSTIDLEN);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(conchPath, dbPath, len+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33040:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&conchPath[i+1], "-conch", 7);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dbPath, (char *)pFile->lockingContext, len + 1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbPath[MAXPATHLEN+1]; /* Name of the database file */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:34583:41: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
{ "MultiByteToWideChar", (SYSCALL)MultiByteToWideChar, 0 },
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:35001:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zDbgBuf[SQLITE_WIN32_DBG_BUF_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:35008:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDbgBuf, zBuf, nMin);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:35024:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zDbgBuf, zBuf, nMin);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:35613:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zMsg[500]; /* Human readable error text */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:36257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], amt);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:36263:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, &((u8 *)(pFile->pMapRegion))[offset], nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:36335:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, amt);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:36341:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((u8 *)(pFile->pMapRegion))[offset], pBuf, nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &x, sizeof(x));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &pid, sizeof(pid));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &cnt, sizeof(cnt));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39130:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &cnt, sizeof(cnt));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39137:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &i, sizeof(i));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &id, sizeof(UUID));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuf[n], &id, sizeof(UUID));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39584:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:39624:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aiValues, p->u.aHash, sizeof(p->u.aHash));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43008:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbFileVers[16]; /* Changes whenever database file changes */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43316:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zRet[1024];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43397:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ac[4];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac[4];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43586:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aMagic[8]; /* A buffer to hold the magic header */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43677:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char zeroHdr[28] = {0};
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43765:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zHeader, aJournalMagic, sizeof(aJournalMagic));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:43842:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aMagic[8]; /* A buffer to hold the magic header */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:44677:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pData, (u8*)aData, pPager->pageSize);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46459:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zHeader, aJournalMagic, sizeof(aJournalMagic));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46961:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPager->zFilename, zPathname, nPathname);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46962:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( nUri ) memcpy(&pPager->zFilename[nPathname+1], zUri, nUri);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46963:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPager->zJournal, zPathname, nPathname);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46964:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPager->zJournal[nPathname], "-journal\000", 8+2);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46968:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPager->zWal, zPathname, nPathname);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:46969:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPager->zWal[nPathname], "-wal\000", 4+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:47457:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbFileVers[sizeof(pPager->dbFileVers)];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:48350:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const void *pCopy = (const void *)&((const char *)zBuf)[24];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:50263:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&aHdr[1], (const void*)&pWal->hdr, sizeof(WalIndexHdr));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:50265:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&aHdr[0], (const void*)&pWal->hdr, sizeof(WalIndexHdr));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:50293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aFrame[8], pWal->hdr.aSalt, 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:50371:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zName[15];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:50740:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr.aSalt, &aBuf[16], 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:51040:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aLeft, aTmp, sizeof(aTmp[0])*iOut);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:51267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr.aSalt[1], &salt1, 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:51617:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr, &h1, sizeof(WalIndexHdr));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:52186:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWal->hdr, (void *)walIndexHdr(pWal), sizeof(WalIndexHdr));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:52434:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aWalHdr[16], pWal->hdr.aSalt, 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:54528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aSpace[200]; /* Temp space for pIdxKey - to avoid a malloc */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:55142:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[x], &data[x], (cbrk+size) - x);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:55145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[cbrk], &src[pc], size);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:55208:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aData[iAddr], &aData[pc], 2);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:55901:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zDbHeader[100]; /* Database header content */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:55963:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zFullPathname, zFilename, nFilename);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:56795:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, zMagicHeader, sizeof(zMagicHeader));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:58159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPayload, pBuf, nByte);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:58162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, pPayload, nByte);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:58357:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aSave, aWrite, 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:58360:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aWrite, aSave, 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59376:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59400:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59406:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pPrevTrunk->aData[0], &pTrunk->aData[0], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59429:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNewTrunk->aData[0], &pTrunk->aData[0], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59431:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNewTrunk->aData[8], &pTrunk->aData[12], (k-1)*4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59496:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aData[8+closest*4], &aData[4+k*4], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:59978:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPayload, pSrc, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60088:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTemp, pCell, sz);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[idx], pCell, sz);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pTmp[i], &aData[i], usableSize - i);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pData, pCell, szCell[i]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSlot, pCArray->apCell[i], sz);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTmp, aData, pPg->pBt->usableSize);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aTo[iData], &aFrom[iData], pBt->usableSize-iData);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60664:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aTo[iToHdr], &aFrom[iFromHdr], pFrom->cellOffset + 2*pFrom->nCell);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60861:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60978:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTemp, apDiv[i], sz);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:60987:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b.apCell[b.nCell], &pOld->aData[8], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:61226:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&apNew[nNew-1]->aData[8], &pOld->aData[8], 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:61301:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNew->aData[8], pCell, 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:61532:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pChild->aiOvfl, pRoot->aiOvfl,
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:61534:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pChild->apOvfl, pRoot->apOvfl,
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:61791:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newCell, oldCell, 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:62518:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[200];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:63022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zErr[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:63708:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, zIn, nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:64342:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMem->zMalloc, pMem->z, pMem->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:64539:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMem, &t, sizeof(t));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:64984:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, MEMCELLSIZE);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:65005:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, MEMCELLSIZE);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:65029:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, sizeof(Mem));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:65104:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMem->z, z, nAlloc);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:66166:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( p4copy ) memcpy(p4copy, zP4, 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67015:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zTemp[i],",...",4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67022:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zTemp[i], zColl, n+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zPtr[50];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zCom[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67498:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z[1000];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:67710:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->azVar, pParse->azVar, p->nzVar*sizeof(p->azVar[0]));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:68582:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *out = fopen("vdbe_profile.out", "a");
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:68601:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zHdr[100];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:68993:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, pMem->z, len);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:69050:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pMem->u.r, &x, sizeof(x));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:70420:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, pOrig, MEMCELLSIZE);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:71913:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBase[100]; /* Initial working space */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:72489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[200];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:73496:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut->z, pIn2->z, pIn2->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:73498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pOut->z[pIn2->n], pIn1->z, pIn1->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:74691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDest->z, zData, len);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:74960:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->zName, zName, nName+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:76002:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aTempRec[ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*4 + 7];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:79813:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->aAlloc, &p->aBuffer[iBuf], nAvail);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:79829:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->aAlloc[nByte - nRem], aNext, nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:80236:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pKeyInfo, pCsr->pKeyInfo, szKeyInfo);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:80733:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->aBuffer[p->iBufEnd], &pData[nData-nRem], nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:81108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SRVAL(pNew), pVal->z, pVal->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:81935:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOut->z, pKey, nKey);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:82094:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zBuf, &p->zBuf[iOfst], iAmt);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:82117:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->zBuf[iOfst], zBuf, iAmt);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:82347:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zOut, &pChunk->zChunk[iChunkOffset], nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:82399:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->endpoint.pChunk->zChunk[iChunkOffset], zWrite, iSpace);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:82793:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pExpr, pDup, sizeof(*pExpr));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:84656:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( pToken->n ) memcpy(pNew->u.zToken, pToken->z, pToken->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:85068:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAlloc, p, nNewSize);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:85071:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAlloc, p, nSize);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:85083:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zToken, p->u.zToken, nToken);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:89152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->aCol, pTab->aCol, sizeof(Column)*pNew->nCol);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:89497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->u.aRowid, pData, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:89524:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->anEq, pFrom->anEq, sizeof(tRowcnt)*p->nCol);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:89525:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->anLt, pFrom->anLt, sizeof(tRowcnt)*p->nCol);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:89526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->anDLt, pFrom->anDLt, sizeof(tRowcnt)*p->nCol);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:90954:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSample->p, sqlite3_column_blob(pStmt, 4), pSample->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:91151:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zFile = (const char *)sqlite3_value_text(argv[0]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:91152:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zName = (const char *)sqlite3_value_text(argv[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:91187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aNew, db->aDb, sizeof(db->aDb[0])*2);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:91260:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zKey = (char *)sqlite3_value_blob(argv[2]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:91338:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zName = (const char *)sqlite3_value_text(argv[0]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:91342:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zErr[128];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:92190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saveBuf[SAVE_SZ];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:92201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saveBuf, &pParse->nVar, SAVE_SZ);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:92206:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pParse->nVar, saveBuf, SAVE_SZ);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:92424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db->aDbStatic, db->aDb, 2*sizeof(db->aDb[0]));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:93499:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zStmt[k], zType, len);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:93519:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, pIdx->azColl, sizeof(char*)*pIdx->nColumn);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:93522:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, pIdx->aiColumn, sizeof(i16)*pIdx->nColumn);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:93525:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, pIdx->aSortOrder, pIdx->nColumn);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:94300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zTab[24];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:94551:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pTo->z, pTo->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:94579:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pToCol->a[i].zName, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:94985:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIndex->zName, zName, nName+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:95039:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zExtra, zColl, nColl);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:95294:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a[1], aVal, nCopy*sizeof(LogEst));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:96312:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pColl, pColl2, sizeof(CollSeq));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:96422:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pColl[0].zName, zName, nName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:96661:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBest->zName, zName, nName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:98539:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[50];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:98783:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zOut[j], zRep, nRep);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:98789:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zOut[j], &zStr[i], nStr-i);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:98897:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zResult[8];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:98946:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zFile = (const char *)sqlite3_value_text(argv[0]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:98952:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zProc = (const char *)sqlite3_value_text(argv[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:99249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aWc, pDef->pUserData, 3);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:100656:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)pStep->zTarget, zFrom, nFrom);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:102972:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pzErrMsg, sqlite3_errmsg(db), nErrMsg);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:103122:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(const char*,sqlite3**);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:103373:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define sqlite3_open sqlite3_api->open
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:104030:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAltEntry, "sqlite3_", 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:104039:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zAltEntry+iEntry, "_init", 6);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:104074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aHandle, db->aExtension, sizeof(handle)*db->nExtension);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:104933:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pI64, &value, sizeof(value));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:105040:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aFcntl[4]; /* Argument to SQLITE_FCNTL_PRAGMA */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:106708:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zKey[40];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:106890:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *azArg[4];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:113352:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, argv[i], n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:113838:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, pName->z, pName->n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:115789:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCopy, zName, nName+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:116796:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew->zName, pDef->zName, sqlite3Strlen30(pDef->zName)+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:117541:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100]; /* Initial space for EQP output string */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:118602:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pOrTab->a, pTabItem, sizeof(*pTabItem));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:119003:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pWC->a, pOld, sizeof(pWC->a[0])*pWC->nTerm);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:119129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wc[3]; /* Wildcard characters */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:120267:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aiCur, pWInfo->aiCurOnePass, sizeof(int)*2);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:120276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDest->a, pSrc->a, pDest->n*sizeof(pDest->a[0]));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:121743:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zType[4];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:121744:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zType, "...", 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:121854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(paNew, p->aLTerm, sizeof(p->aLTerm[0])*p->nLSlot);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:121870:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo, pFrom, WHERE_LOOP_XFER_SZ);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:121871:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->aLTerm, pFrom->aLTerm, pTo->nLTerm*sizeof(pTo->aLTerm[0]));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:123507:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zName[65];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:123794:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTo->aLoop, pFrom->aLoop, sizeof(WhereLoop*)*iLoop);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:128361:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char zText[553] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:128394:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aHash[127] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:128406:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aNext[124] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:128418:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aLen[124] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:128442:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char aCode[124] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:129724:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&y, &x, 8);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:130769:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zBuf[50];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:132074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zFile, zUri, nUri);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:133515:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNew, aArg, nArg*sizeof(void *));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135564:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, zCol, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135860:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->aIndex, aIndex, sizeof(struct Fts3Index) * nIndex);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135870:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCsr, argv[2], nName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCsr, argv[1], nDb);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135880:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
z = (char *)sqlite3Fts3NextToken(aCol[iCol], &n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135881:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCsr, z, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135886:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
assert( zCsr <= &((char *)p)[nByte] );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:136305:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zBuffer[nPrefix], zCsr, nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:136457:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, *ppPoslist, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:136495:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, *ppPoslist, n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:136820:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *aaOutput[16]; /* Malloc'd output buffers */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:137212:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTS->aaOutput[0], aDoclist, nDoclist);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:138009:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pRet, sqlite3_value_blob(pVal), sizeof(Fts3Cursor *));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:138130:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zArg = (const char *)sqlite3_value_text(apVal[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:139029:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aDoclist, a[p->nToken-1].pList, nByte+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:140504:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)p->pFts3Tab->zDb, zDb, nDb);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:140505:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)p->pFts3Tab->zName, zFts3, nFts3);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:141162:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet->pPhrase->aToken[0].z, zToken, nToken);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:141277:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zTemp[nTemp], zByte, nByte);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:141305:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zBuf, zTemp, nTemp);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142052:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)pp, sqlite3_column_blob(pStmt, 0), sizeof(*pp));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142151:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *)sqlite3_value_text(argv[0]), &pModule);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142168:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zExpr = (const char *)sqlite3_value_text(argv[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142177:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
azCol[ii] = (char *)sqlite3_value_text(argv[ii+2]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)new_elem->pKey, pKey, nKey);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142961:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zReverse[28];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143540:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *azArg[64];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143557:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zName = (const char *)sqlite3_value_text(argv[0]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143559:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zInput = (const char *)sqlite3_value_text(argv[argc-1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143575:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
azArg[i-1] = (const char *)sqlite3_value_text(argv[i]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143655:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)pp, sqlite3_column_blob(pStmt, 0), sizeof(*pp));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143817:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim[128]; /* flag ASCII delimiters */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:144150:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSpace, argv[i], n+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:144364:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zByte = (const char *)sqlite3_value_text(apVal[0]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:144370:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pCsr->zInput, zByte, nByte);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:145395:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *zText = (const char *)sqlite3_value_text(apVal[i]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:145858:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pReader->zTerm[nPrefix], pNext, nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146088:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pReader->aNode, zRoot, nRoot);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146211:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pReader->ppNextElem, aElem, nElem*sizeof(Fts3HashElem *));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146502:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pTree->aData[nData], &zTerm[nPrefix], nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146516:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTree->zTerm, zTerm, nTerm);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146766:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWriter->aData[nData], &zTerm[nPrefix], nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146769:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWriter->aData[nData], aDoclist, nDoclist);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:146788:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pWriter->zTerm, zTerm, nTerm);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:147096:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMsr->aBuffer, pList, nList);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:147440:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pCsr->aBuffer[nDoclist], pList, nList);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148192:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->term.a[nPrefix], &p->aNode[p->iOff], nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148296:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pBlk->a[pBlk->n], &zTerm[nPrefix], nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148299:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->key.a, zTerm, nTerm);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148372:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPrev->a, zTerm, nTerm);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148379:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNode->a[pNode->n], &zTerm[nPrefix], nSuffix);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148384:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNode->a[pNode->n], aDoclist, nDoclist);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148715:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->block.a, aRoot, nRoot);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148727:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->key.a, reader.term.a, reader.term.n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:148737:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->block.a, aBlock, nBlock);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:149201:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pHint->a, aHint, nHint);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:149763:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->nNodeSize = atoi(&zVal[9]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:149766:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->nMaxPendingData = atoi(&zVal[11]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:149769:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->bNoIncrDoclist = atoi(&zVal[21]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:149891:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet, &p->pList->aData[nSkip], *pnData);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:150284:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRet->zMatchinfo, zMatchinfo, nStr+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:150325:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if( p->bGlobal ) memcpy(aOut, &p->aMatchinfo[1], p->nElem*sizeof(u32));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:150335:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->aMatchinfo[2+p->nElem], &p->aMatchinfo[1], p->nElem*sizeof(u32));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:150759:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pStr->z[pStr->n], zAppend, nAppend);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:151789:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aBuffer[64];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:153161:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNode->zData, zBlob, pRtree->iNodeSize);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:153539:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c.u,a,4); \
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:153547:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&c.u,a,4); \
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154109:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBlob, sqlite3_value_blob(pValue), nBlob);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zIdxStr[RTREE_MAX_DIMENSIONS*8+1];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154433:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cell, p, sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154615:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aSpare, aLeft, sizeof(int)*nLeft);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154684:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aSpare, aLeft, sizeof(int)*nLeft);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154775:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&left, &aCell[aaSorted[ii][0]], sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154776:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&right, &aCell[aaSorted[ii][nCell-1]], sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154805:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBboxLeft, &aCell[aaSorted[iBestDim][0]], sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBboxRight, &aCell[aaSorted[iBestDim][iBestSplit]], sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aCell[nCell], pCell, sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155165:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aCell[ii], pCell, sizeof(RtreeCell));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155643:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *azSql[N_STATEMENT] = {
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155832:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRtree->zDb, argv[1], nDb);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155833:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pRtree->zName, argv[2], nName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155909:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zCell[512];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156466:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zLocale = (const char *)sqlite3_value_text(apArg[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156554:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zLocale = (const char *)sqlite3_value_text(apArg[0]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156555:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zName = (const char *)sqlite3_value_text(apArg[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156707:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zLocale, argv[0], n);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:157629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zStateDb[5]; /* Db name for state ("stat" or "main") */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:158027:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zRet, zStr, nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:158180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIter->abIndexed, pIter->abTblPk, sizeof(u8)*pIter->nTblCol);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:159124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pUp->zMask, zMask, pIter->nTblCol);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:159177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zStateDb, "stat", 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:159179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zStateDb, "main", 4);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:159966:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zRnd[64];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160014:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zTarget, zTarget, nTarget+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160016:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zRbu, zRbu, nRbu+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160019:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->zState, zState, nState+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160716:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zCopy, zName, nCopy);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160960:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pNew->base, &vfs_template, sizeof(sqlite3_vfs));
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160965:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zSpace, zName, nName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_case_db.h:193:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int md5HashAttr(unsigned char md5Hash[16], const TSK_FS_ATTR * fs_attr);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[TSK_MAX_DB_VS_PART_INFO_DESC_LEN];
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent_name[MAX_PATH_LENGTH];
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent_path[MAX_PATH_LENGTH + 2]; // +2 is for leading slash and trailing slash
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h:173:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual int open(bool) = 0;
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db_sqlite.h:45:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(bool);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db_sqlite.h:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_dbFilePathUtf8[1024];
data/sleuthkit-4.10.0+dfsg/tsk/base/md5c.c:61:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/md5c.c:172:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TSK_MD5_Final(unsigned char digest[16], TSK_MD5_CTX * context)
data/sleuthkit-4.10.0+dfsg/tsk/base/md5c.c:174:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/sleuthkit-4.10.0+dfsg/tsk/base/md5c.c:201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/sleuthkit-4.10.0+dfsg/tsk/base/md5c.c:351:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *) output)[i] = (char) value;
data/sleuthkit-4.10.0+dfsg/tsk/base/sha1c.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((POINTER) eData, (POINTER) data, SHS_DATASIZE);
data/sleuthkit-4.10.0+dfsg/tsk/base/sha1c.c:314:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buffer, count);
data/sleuthkit-4.10.0+dfsg/tsk/base/sha1c.c:317:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buffer, dataCount);
data/sleuthkit-4.10.0+dfsg/tsk/base/sha1c.c:326:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((POINTER) shsInfo->data, (POINTER) buffer, SHS_DATASIZE);
data/sleuthkit-4.10.0+dfsg/tsk/base/sha1c.c:334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((POINTER) shsInfo->data, (POINTER) buffer, count);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base.h:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[TSK_ERROR_STRING_MAX_LENGTH + 1];
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base.h:72:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr2[TSK_ERROR_STRING_MAX_LENGTH + 1];
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base.h:73:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr_print[TSK_ERROR_STRING_MAX_LENGTH + 1];
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_base.h:460:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_aux_str[TSK_ERR_IMG_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_img_str[TSK_ERR_IMG_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:49:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_mm_str[TSK_ERR_VS_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:60:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_fs_str[TSK_ERR_FS_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_hdb_str[TSK_ERR_HDB_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:96:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_auto_str[TSK_ERR_AUTO_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:103:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tsk_err_pool_str[TSK_ERR_POOL_MAX] = {
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:145:15: [2] (integer) _wtoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define TATOI _wtoi
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:197:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define TATOI atoi
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_unicode.c:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char trailingBytesForUTF8[256] = {
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp:542:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(_crypto.vek, vek.get(), vek_len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp:547:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(_crypto.vek + 0x10, _crypto.vek_uuid,
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp:552:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(_crypto.vek + 0x10, hash.get(), 0x10);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp:1013:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dp.get(), data, next_key->length);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp:1044:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dp.get(), data, next_key->length);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:317:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[1024];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->uuid, vol.uuid().bytes().data(), 16);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:1109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.cpp:38:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(key.get(), crypto.vek, 0x20);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.cpp:105:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.cpp:147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.cpp:156:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.h:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0x80];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.h:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[16];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.h:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_hint[0x100];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.h:20:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatted_by[0x20];
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_fs.h:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kext_ver_str[0x20];
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:44:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[CHUNK];
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[CHUNK];
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:88:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in, srcPtr, (size_t) amtToCopy); // cast OK because of above test
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:122:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(destPtr, out, have);
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fourBytes[4]; // Size of the offset table, little endian
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fourBytes[4];
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:355:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uncBuf, rawBuf + 1, len - 1);
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.c:931:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf + bytesCopied, uncBufPtr, bytesToCopy);
data/sleuthkit-4.10.0+dfsg/tsk/fs/decmpfs.h:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char attr_bytes[0]; /* the bytes of the attribute after the header, if any. */
data/sleuthkit-4.10.0+dfsg/tsk/fs/dls_lib.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnamebuf[BUFSIZ];
data/sleuthkit-4.10.0+dfsg/tsk/fs/dls_lib.c:53:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostnamebuf, "unknown");
data/sleuthkit-4.10.0+dfsg/tsk/fs/dls_lib.c:57:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostnamebuf, "unknown");
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:305:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a_name_info->file_name_utf16[(a_name_info->current_file_name_length_utf16_chars * 2)], dentry->utf16_name_chars, num_utf16_chars_to_copy * 2);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:1126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf16_name[512];
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_meta.c:1265:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(utf16_name + name_bytes_written, &(temp_dentry.data[2]), bytes_to_copy);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:808:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_ptr, data_buf, copy_len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:1894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2610:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[12];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2614:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2813:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2848:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[256];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2910:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm[64];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_dent.cpp:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(load->curdirptr, buf, len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_meta.c:898:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:198:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) dino_buf, ffs->itbl_buf + offs,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:230:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) dino_buf, ffs->itbl_buf + offs,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:460:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, buf, read_count);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:592:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, buf, read_count);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:722:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, buf, read_count);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:1312:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:1691:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[12];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:1695:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:1772:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[257];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:1829:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, ea->name, ea->nlen);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs.c:1868:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, ea->name, ea->nlen);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fls_lib.c:81:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null_buf[16];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_fs_attr->rd.buf, res_data, len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:809:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &fs_attr->rd.buf[off], read_len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:1140:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf, &a_fs_attr->rd.buf[a_offset], len_toread);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_block.c:171:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_fs_block->buf, a_buf, a_fs->block_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:498:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *didx[MAX_DEPTH];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:501:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirs[DIR_STRSZ];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_inode.c:25:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tsk_fs_meta_type_str[TSK_FS_META_TYPE_STR_MAX][2] =
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_io.c:161:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf, temp_buffer + a_off - start, a_len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_load.c:35:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf1->cur, buf, cp_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tsk_fs_name_type_str[TSK_FS_NAME_TYPE_STR_MAX][2] =
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:236:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(a_buf, "----------");
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:297:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:298:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tsk_fs_time_to_str(time_t time, char buf[128])
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:325:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128])
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:604:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[12];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_open.c:130:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TSK_FS_INFO* (*open)(TSK_IMG_INFO*, TSK_OFF_T,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_open.c:169:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fs_info = FS_OPENERS[i].open(
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_types.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rec_type[2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) key.parent_cnid, (char *) thread.parent_cnid,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1519:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &key.name, (char *) &thread.name, sizeof(key.name));
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1560:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &entry->cat, (char *) &record, sizeof(hfs_folder));
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1568:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &entry->cat, (char *) &record, sizeof(hfs_file));
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1572:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) &entry->thread, (char *) &thread, sizeof(hfs_thread));
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2297:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fork, &(a_entry->file.data), sizeof(hfs_fork));
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2298:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fork[1], &(a_entry->file.resource), sizeof(hfs_fork));
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2523:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fourBytes[4]; // Size of the offset table, little endian
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2619:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fourBytes[4];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2715:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uncBuf, rawBuf + 1, len - 1);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:3291:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf + bytesCopied, uncBufPtr, bytesToCopy);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4115:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameBuff[HFS_MAX_ATTR_NAME_LEN_UTF8_B+1];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4182:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, attrData->attr_data, attributeLength);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[5]; // type is really 4 chars, but we will null-terminate
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4560:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenBuff[4]; // first 4 bytes of a resource encodes its length
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4579:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nameBuffer, name + 1, nameLen);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4590:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nameBuffer, "<none>", 6);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:4630:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rsrc->type, tlItem->type, 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:5313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[HFS_MAXNAMLEN + 1];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:5337:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[HFS_MAXNAMLEN + 1];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:5405:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:5752:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hfs_mode[12];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:5755:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:5816:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[HFS_MAXNAMLEN + 1];
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uniclean, uni, ulen * 2);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:250:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(info->fs_name->name, "..");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnamebuf[BUFSIZ];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:63:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostnamebuf, "unknown");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:67:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostnamebuf, "unknown");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostnamebuf[BUFSIZ];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:95:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostnamebuf, "unknown");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:99:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostnamebuf, "unknown");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ils_lib.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[12];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:212:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[258];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:215:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, er->ext_id, er->len_id);
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:219:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, er->ext_id + er->len_id, er->len_des);
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:223:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, er->ext_id + er->len_id + er->len_des,
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:429:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ISO9660_SSIZE_B];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:589:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in_node->inode.fn,
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:604:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
in_node->inode.version = atoi(file_ver + 1);
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:629:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(in_node->inode.dr), dentry, sizeof(iso9660_dentry));
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:787:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf16_buf[ISO9660_MAXNAMLEN_JOL + 1]; // UTF-16 name from img
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:788:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8buf[2 * ISO9660_MAXNAMLEN_JOL + 1]; // UTF-8 version of name
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:891:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[ISO9660_MAXNAMLEN_STD + 1]; /* store current directory name */
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:1012:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dinode, &n->inode, sizeof(iso9660_inode));
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:1585:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dd, &dinode->dr, sizeof(iso9660_dentry));
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:1653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[129]; /* store name of publisher/preparer/etc */
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:1931:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&perm[1], "r-xr-xr-x");
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:1941:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_buf[11];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:2039:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:2064:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dd, &dinode->dr, sizeof(iso9660_dentry));
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:2109:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_buf[11];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:2151:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_buf[11];
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660_dent.c:137:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fs_name->name, "..");
data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, ptr, sizeof data);
data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, ptr, sizeof data);
data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, ptr, sizeof data);
data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.c:105:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &data, sizeof data);
data/sleuthkit-4.10.0+dfsg/tsk/fs/lzvn.c:109:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &data, sizeof data);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:1655:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a_buf[buf_idx], &comp.uncomp_buf[byteoffset],
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:1733:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NTFS_MAXNAMLEN_UTF8 + 1];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:2522:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map->name[map->num_used], &list->name, list->nlen * 2);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:2577:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ntfs_dinode_lookup(ntfs, (char *) mft,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:3600:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ntfs->sii_data.buffer +
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:4200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asc[512];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:4414:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:4574:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name8buf[NTFS_MAXNAMLEN_UTF8 + 1];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs.c:4817:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[512];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:914:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fs_name->name, "..");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:1383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *didx[MAX_DEPTH];
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:1386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirs[DIR_STRSZ];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.h:308:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatted_by[APFS_MODIFIED_NAMELEN]; // 0x110
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.h:312:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kext_ver_str[APFS_MODIFIED_NAMELEN];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.h:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[APFS_VOLNAME_LEN]; // 0x2C0
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.h:614:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0]; // 0x32 (name_length bytes)
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_apfs.h:714:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0]; // 0x0C (name_length bytes)
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ext2fs.h:135:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_volume_name[16];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ext2fs.h:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_last_mounted[64];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ext2fs.h:426:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[EXT2FS_MAXNAMLEN];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ext2fs.h:435:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[EXT2FS_MAXNAMLEN];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fatfs.h:204:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fatc_buf[FATFS_FAT_CACHE_N][FATFS_FAT_CACHE_B]; //r/w shared - lock
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fatfs.h:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_sector_buffer[FATFS_MASTER_BOOT_RECORD_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fatxxfs.h:84:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemname[8];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ffs.h:367:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[256];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ffs.h:386:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[256];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:361:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TSK_FS_META_NAME_LIST_NSIZE]; ///< Name in UTF-8 (does not include parent directory name)
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:412:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tsk_fs_meta_type_str[TSK_FS_META_TYPE_STR_MAX][2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:588:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tsk_fs_name_type_str[TSK_FS_NAME_TYPE_STR_MAX][2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:748:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5_digest[16];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:749:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1_digest[20];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:1884:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(const TskVsPartInfo * a_part_info,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:1903:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskImgInfo * a_img_info, TSK_OFF_T a_offset,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:2279:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskFsInfo * a_fs, TSK_DADDR_T a_addr) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:2788:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskFsInfo * a_fs, TskFsFile * a_fs_file,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:2811:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskFsInfo * a_fs, TskFsFile * a_fs_file,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:3000:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskFsInfo * a_fs, TSK_INUM_T a_addr) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:3015:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskFsInfo * a_fs, const char *a_dir) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs_i.h:173:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *tsk_fs_time_to_str(time_t, char buf[128]);
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs_i.h:173:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *tsk_fs_time_to_str(time_t, char buf[128]);
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs_i.h:174:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *tsk_fs_time_to_str_subsecs(time_t, unsigned int subsecs,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs_i.h:175:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128]);
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_hfs.h:621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blockmap_cache[4096]; ///< Cache for blockmap (r/w shared - lock)
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_hfs.h:693:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char type[4];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[ISODCL(2, 6)]; ///< magic number. "CD001"
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ver[ISODCL(7, 7)]; ///< volume descriptor version
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[ISODCL(8, 2048)]; ///< Depends on descriptor type
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused1[ISODCL(1, 8)]; /* should be 0. unused. */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_id[ISODCL(9, 40)]; /* system identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:215:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_id[ISODCL(41, 72)]; /* volume identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused2[ISODCL(73, 80)]; /* should be 0. unused. */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused3[ISODCL(89, 120)]; /* should be 0. unused. */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_setid[ISODCL(191, 318)]; /* volume set identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:234:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub_id[ISODCL(319, 446)]; /* publisher identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:235:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char prep_id[ISODCL(447, 574)]; /* data preparer identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:236:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char app_id[ISODCL(575, 702)]; /* application identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:237:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char copy_id[ISODCL(703, 739)]; /* copyright file identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:238:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abs_id[ISODCL(740, 776)]; /* abstract file identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:239:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bib_id[ISODCL(777, 813)]; /* bibliographic file identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[ISODCL(883, 883)]; /* reserved */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char app_use[ISODCL(884, 1395)]; /* application use */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserv[ISODCL(1396, 2048)]; /* reserved */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_id[ISODCL(9, 40)]; /* system identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_id[ISODCL(41, 72)]; /* volume identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused2[ISODCL(73, 80)]; /* should be 0. unused. */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_setid[ISODCL(191, 318)]; /* volume set identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:273:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub_id[ISODCL(319, 446)]; /* publisher identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:274:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char prep_id[ISODCL(447, 574)]; /* data preparer identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:275:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char app_id[ISODCL(575, 702)]; /* application identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:276:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char copy_id[ISODCL(703, 739)]; /* copyright file identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:277:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char abs_id[ISODCL(740, 776)]; /* abstract file identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:278:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bib_id[ISODCL(777, 813)]; /* bibliographic file identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:283:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_ver[ISODCL(882, 882)]; /* file structure version */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[ISODCL(883, 883)]; /* reserved */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char app_use[ISODCL(884, 1395)]; /* application use */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserv[ISODCL(1396, 2048)]; /* reserved */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_sys_id[ISODCL(8, 39)]; /* boot system identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:292:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_id[ISODCL(40, 71)]; /* boot identifier */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_use[ISODCL(72, 2048)]; /* system use */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:355:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[ISO9660_MAXNAMLEN_RR]; /* alternate filename */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[ISO9660_MAXNAMLEN + 1]; /* file name */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:420:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:435:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:443:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:450:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_id[1]; ///< Extension ID text (with length of len_id);
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:458:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "RR" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "PX" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "PN" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "SL" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "NM" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1]; // start of the name
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:511:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "CL" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:519:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "RE" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:526:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "TF" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_iso9660.h:534:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[ISODCL(1, 2)]; /* signature, should be "SF" */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ntfs.h:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemname[8]; // 3
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ntfs.h:459:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[128]; /* label in unicode */
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_yaffs.h:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[YAFFS_HEADER_NAME_LENGTH];
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_yaffs.h:90:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alias[YAFFS_HEADER_ALIAS_LENGTH];
data/sleuthkit-4.10.0+dfsg/tsk/fs/unix_misc.c:319:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf[4] = {NULL};
data/sleuthkit-4.10.0+dfsg/tsk/fs/usnjls_lib.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:747:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1001];
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:784:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (config_file = fopen(config_file_name, "r"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1327:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->obj_type, hdr, 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1328:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->parent_id, &hdr[4], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1329:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(head->name, (char*) &hdr[0xA], YAFFS_HEADER_NAME_LENGTH);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->file_mode, &hdr[0x10C], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1331:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->user_id, &hdr[0x110], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1332:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->group_id, &hdr[0x114], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1333:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->atime, &hdr[0x118], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->mtime, &hdr[0x11C], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->ctime, &hdr[0x120], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1336:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->file_size, &hdr[0x124], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1337:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&head->equivalent_id, &hdr[0x128], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1338:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(head->alias, (char*) &hdr[0x12C], YAFFS_HEADER_ALIAS_LENGTH);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1418:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&seq_number, &spr[yfs->spare_seq_offset], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1419:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&object_id, &spr[yfs->spare_obj_id_offset], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1420:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&chunk_id, &spr[yfs->spare_chunk_id_offset], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1525:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&parentID, &tempBuf[4], 4);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1993:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_fs_file->meta->link, header->alias, YAFFS_HEADER_ALIAS_LENGTH);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[12];
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeBuf[128];
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2586:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_string[64]; // Allow a max of 64 bytes in the version string
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:3074:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yaffsfs->page_size = atoi(configParams[YAFFS_CONFIG_PAGE_SIZE_STR].c_str());
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:3081:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yaffsfs->spare_size = atoi(configParams[YAFFS_CONFIG_SPARE_SIZE_STR].c_str());
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:3088:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yaffsfs->chunks_per_block = atoi(configParams[YAFFS_CONFIG_CHUNKS_PER_BLOCK_STR].c_str());
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:3111:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yaffsfs->spare_seq_offset = atoi(configParams[YAFFS_CONFIG_SEQ_NUM_STR].c_str());
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:3112:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yaffsfs->spare_obj_id_offset = atoi(configParams[YAFFS_CONFIG_OBJ_ID_STR].c_str());
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:3113:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
yaffsfs->spare_chunk_id_offset = atoi(configParams[YAFFS_CONFIG_CHUNK_ID_STR].c_str());
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:248:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (idx_idx_file = fopen(hdb_binsrch_info->idx_idx_fname, "rb"))) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head2[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:388:47: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (hdb_binsrch_info->hIdx = fopen(hdb_binsrch_info->idx_fname, "r"))) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:615:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbtmp[32];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:736:46: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (hdb_binsrch_info->hIdxTmp = fopen(hdb_binsrch_info->uns_fname, "w"))) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:900:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (idx_idx_file = fopen(hdb_binsrch_info->idx_idx_fname, "wb"))) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:922:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[4];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:971:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1028:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ucHash[TSK_HDB_HTYPE_SHA1_LEN + 1]; // Set to the longest hash length + 1
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1177:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[4];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1504:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashbuf[TSK_HDB_HTYPE_SHA1_LEN + 1];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:49:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[40];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:119:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[19];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phash[19];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:157:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(phash, buf, 18);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[19];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:228:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_str[TSK_HDB_HTYPE_MD5_LEN+1];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:271:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN], name[TSK_HDB_MAXLEN], *ptr =
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/idxonly.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_NAME_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN], *name, *ptr = NULL, pname[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:508:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TSK_HDB_MAXLEN], *name, *cur_hash, pname[TSK_HDB_MAXLEN];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sql_stmt[1024];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[header_size];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:331:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashbuf[TSK_HDB_HTYPE_SHA2_256_LEN + 1];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hashdb.c:33:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(file_path, "rb");
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hashdb.h:115:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char db_name[TSK_HDB_NAME_MAXLEN]; ///< Name of the database, for callbacks
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/tsk_hashdb.h:225:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TSK_TCHAR * a_dbFile, TSK_HDB_OPEN_ENUM a_flags) {
data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c:83:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c:275:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
image = (char *) tsk_malloc(strlen(images[0]) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_EWF_ERROR_STRING_SIZE])
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_EWF_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[512];
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:177:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY | O_BINARY)) < 0) {
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_EWF_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.h:40:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char md5hash[33];
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.h:42:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sha1hash[41];
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:34:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf, buf2, nbytes);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:37:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf, buf2, a_len);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:154:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf,
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:232:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a_buf, &(a_img_info->cache[cache_next][rel_off]), len2);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_types.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/sleuthkit-4.10.0+dfsg/tsk/img/img_writer.cpp:265:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char newBlockOffset[4];
data/sleuthkit-4.10.0+dfsg/tsk/img/img_writer.cpp:787:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char batBuf[4] = { 0xff, 0xff, 0xff, 0xff };
data/sleuthkit-4.10.0+dfsg/tsk/img/raw.c:115:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(raw_info->img_info.images[idx], O_RDONLY | O_BINARY)) < 0) {
data/sleuthkit-4.10.0+dfsg/tsk/img/raw.c:239:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sector_aligned_buf + rel_offset % raw_info->img_info.sector_size, len);
data/sleuthkit-4.10.0+dfsg/tsk/img/raw.c:607:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(a_file, O_RDONLY | O_BINARY)) < 0) {
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:98:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cache[TSK_IMG_INFO_CACHE_NUM][TSK_IMG_INFO_CACHE_LEN]; ///< read cache (r/w shared - lock)
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:185:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(const TSK_TCHAR * a_image, TSK_IMG_TYPE_ENUM a_type,
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:209:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(int a_num_img, const TSK_TCHAR * const a_images[],
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:234:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(const char *a_image, TSK_IMG_TYPE_ENUM a_type,
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:261:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(int a_num_img, const char *const a_images[],
data/sleuthkit-4.10.0+dfsg/tsk/img/vhd.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VHDI_ERROR_STRING_SIZE])
data/sleuthkit-4.10.0+dfsg/tsk/img/vhd.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VHDI_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/vhd.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VHDI_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/vhd.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VHDI_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/vmdk.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VMDK_ERROR_STRING_SIZE])
data/sleuthkit-4.10.0+dfsg/tsk/img/vmdk.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VMDK_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/vmdk.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VMDK_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/img/vmdk.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_string[TSK_VMDK_ERROR_STRING_SIZE];
data/sleuthkit-4.10.0+dfsg/tsk/pool/apfs_pool_compat.cpp:168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[1024];
data/sleuthkit-4.10.0+dfsg/tsk/pool/pool_types.cpp:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:63:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, key1, 16);
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:64:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + 16, key2, 16);
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:69:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, key1, 32);
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:70:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + 32, key2, 32);
data/sleuthkit-4.10.0+dfsg/tsk/vs/mm_types.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_dos.h:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemname[8];
data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_vs.h:374:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint8_t open(TskImgInfo * a_imgInfo, TSK_DADDR_T a_offset,
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:357:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vs_part_db.desc, vs_part->desc, TSK_MAX_DB_VS_PART_INFO_DESC_LEN - 1);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:429:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((fs_file->name->name == NULL) || (strlen(fs_file->name->name) == 0))) {
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:448:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t extLen = strlen(ext);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:451:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(extension, ext + 1, extLen - 1);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:473:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t input_len = strlen(input) + 1;
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:557:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_nlen = strlen(fs_attr->name);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:568:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(fs_file->name->name);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:575:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fs_file->name->name, nlen);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:582:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(name, ":", nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:582:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(name, ":", nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:584:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(name, fs_attr->name, nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:584:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(name, fs_attr->name, nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:596:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(path) + 2;
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:602:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(escaped_path, "/", path_len);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:603:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(escaped_path, path, path_len - strlen(escaped_path));
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:603:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(escaped_path, path, path_len - strlen(escaped_path));
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:661:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& ((strlen(name) > 0) && (!TSK_FS_ISDOT(name)))
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:665:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(name, "-slack", 6);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:666:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(extension) > 0) {
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/auto_db_java.cpp:667:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(extension, "-slack", 6);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:246:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lengthOfUtf8 = strlen(str8);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:265:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)&buffer[0], str8, size);
data/sleuthkit-4.10.0+dfsg/bindings/java/jni/dataModel_SleuthkitJNI.cpp:837:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tzstr) > 64) {
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp:72:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read<uint8_t>(offset);
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp:107:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read<uint16_t>(offset);
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp:114:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read<uint32_t>(offset);
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.cpp:121:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read<uint64_t>(offset);
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.h:79:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <typename T> T read() const {
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.h:80:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
T bytes = read<T>(_position);
data/sleuthkit-4.10.0+dfsg/rejistry++/src/ByteBuffer.h:87:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template <typename T> T read(uint32_t offset) const {
data/sleuthkit-4.10.0+dfsg/samples/posix-cpp-style.cpp:128:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = fs_file->read(off, buf, len,
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:91:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(fullpath, (wchar_t *) m_lclDir, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:92:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen((wchar_t *) a_dir) > 0)
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:114:9: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(file, a_dir, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:134:27: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ilen = wcslen(file);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:168:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fullPath, m_lclDir, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:169:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fullPath, a_dir, TSK_CD_BUFSIZE-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:169:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fullPath, a_dir, TSK_CD_BUFSIZE-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:175:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file, a_dir, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:176:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(file, "/", TSK_CD_BUFSIZE-strlen(file));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:176:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(file, "/", TSK_CD_BUFSIZE-strlen(file));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:177:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(file, dirp->d_name, TSK_CD_BUFSIZE-strlen(file));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:177:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(file, dirp->d_name, TSK_CD_BUFSIZE-strlen(file));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:179:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fullPath, m_lclDir, TSK_CD_BUFSIZE);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:180:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fullPath, file, TSK_CD_BUFSIZE-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:180:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fullPath, file, TSK_CD_BUFSIZE-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:261:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(a_fs_file->name->name) + strlen(a_path) + 1;
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:261:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(a_fs_file->name->name) + strlen(a_path) + 1;
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:269:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fullPath, a_path, len-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:269:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fullPath, a_path, len-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:270:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fullPath, a_fs_file->name->name, len-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:270:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fullPath, a_fs_file->name->name, len-strlen(fullPath));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_comparedir.cpp:274:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(fullPath); i++) {
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:137:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path8, m_vsName, FILENAME_MAX);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:138:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path8, a_path, FILENAME_MAX-strlen(path8));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:138:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(path8, a_path, FILENAME_MAX-strlen(path8));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:139:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ilen = strlen(path8);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:166:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(path16full, (wchar_t *) m_base_dir, FILENAME_MAX);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:167:5: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is low because the source is a
constant character.
wcsncat(path16full, L"\\", FILENAME_MAX-wcslen(path16full));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:167:45: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncat(path16full, L"\\", FILENAME_MAX-wcslen(path16full));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:168:5: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
wcsncat(path16full, path16, FILENAME_MAX-wcslen(path16full));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:168:46: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncat(path16full, path16, FILENAME_MAX-wcslen(path16full));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:172:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen((const wchar_t *) path16full);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:203:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name8, a_fs_file->name->name, FILENAME_MAX);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:212:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(name8);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:226:5: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
wcsncat(path16full, name16, FILENAME_MAX-wcslen(path16full));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:226:46: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcsncat(path16full, name16, FILENAME_MAX-wcslen(path16full));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:261:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(fbuf); i++) {
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:269:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fbuf);
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:294:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fbuf[strlen(fbuf) - 1] != '/')
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:295:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(fbuf, "/", PATH_MAX - strlen(fbuf));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:295:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fbuf, "/", PATH_MAX - strlen(fbuf));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:297:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fbuf, a_fs_file->name->name, PATH_MAX - strlen(fbuf));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:297:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fbuf, a_fs_file->name->name, PATH_MAX - strlen(fbuf));
data/sleuthkit-4.10.0+dfsg/tools/autotools/tsk_recover.cpp:300:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = strlen(fbuf)-1; fbuf[i] != '/'; i--) {
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c:107:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str)<pos) {
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c:121:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(utf8, str+pos-1, clen);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/lua_utf8.c:160:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:905:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha224((const unsigned char *) message1, strlen(message1), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:907:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha224((const unsigned char *) message2a, strlen(message2a), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:915:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256((const unsigned char *) message1, strlen(message1), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:917:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha256((const unsigned char *) message2a, strlen(message2a), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:925:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha384((const unsigned char *) message1, strlen(message1), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:927:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha384((const unsigned char *)message2b, strlen(message2b), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:935:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512((const unsigned char *) message1, strlen(message1), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/sha2.c:937:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512((const unsigned char *) message2b, strlen(message2b), digest);
data/sleuthkit-4.10.0+dfsg/tools/fiwalk/src/utils.c:93:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd, buf, count);
data/sleuthkit-4.10.0+dfsg/tools/hashtools/hfind.cpp:351:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = '\0';
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/DriveUtil.cpp:514:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (char *pos = physical; *pos; pos += strlen(pos) + 1) {
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.cpp:166:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
&& equal(lilStr.begin(), lilStr.end(), bigStr.begin());
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.cpp:216:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(a_path) + 1;
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/TskHelper.cpp:220:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cpath, a_path, clen);
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:2342:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return std::fgetc(m_file);
data/sleuthkit-4.10.0+dfsg/tools/logicalimager/json.h:2647:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::strlen(reinterpret_cast<const char*>(b))) {}
data/sleuthkit-4.10.0+dfsg/tools/srchtools/srch_strings.c:477:29: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(stream);
data/sleuthkit-4.10.0+dfsg/tsk/auto/auto.cpp:818:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(imagePath);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:35:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(m_dbFilePathUtf8, a_dbFilePathUtf8, 1024);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:48:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(m_dbFilePath, a_dbFilePath, 1024);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:55:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(m_dbFilePathUtf8, "");
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:952:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((fs_file->name->name == NULL) || (strlen(fs_file->name->name) == 0)))
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1251:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_nlen = strlen(fs_attr->name);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1262:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(fs_file->name->name);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1269:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, fs_file->name->name, nlen);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1277:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(name, ":", nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1277:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(name, ":", nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1278:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(name, fs_attr->name, nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1278:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(name, fs_attr->name, nlen - strlen(name));
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1283:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(path) + 2;
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1291:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(escaped_path, "/", path_len);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1292:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(escaped_path, path, path_len - strlen(escaped_path));
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1292:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(escaped_path, path, path_len - strlen(escaped_path));
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1385:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& ((strlen(name) > 0 ) && (! TSK_FS_ISDOT(name)))
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1389:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(name, "-slack", 6);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1390:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(extension) > 0) {
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:1391:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(extension, "-slack", 6);
data/sleuthkit-4.10.0+dfsg/tsk/auto/db_sqlite.cpp:2127:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rowData.desc, (char*)text, copyChars);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:24023:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return 0x3fffffff & (int)strlen(z);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:26349:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ "read", (sqlite3_syscall_ptr)read, 0 },
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:26865:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(zAbsoluteName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:29499:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ii=(int)strlen(zDirname); ii>1 && zDirname[ii]!='/'; ii--);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:30261:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nShmFilename = 6 + (int)strlen(zBasePath);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31339:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nFilename = (int)strlen(zFilename) + 6;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31448:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(zDir) + strlen(SQLITE_TEMP_FILE_PREFIX) + 18) >= (size_t)nBuf ){
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31448:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(zDir) + strlen(SQLITE_TEMP_FILE_PREFIX) + 18) >= (size_t)nBuf ){
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31454:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (int)strlen(zBuf);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31727:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( (flags & SQLITE_OPEN_URI) || zName[strlen(zName)+1]==0 );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:31740:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( zName[strlen(zName)+1]==0 );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32007:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nCwd = (int)strlen(zOut);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32136:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(microseconds);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32432:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbLen = (int)strlen(dbPath);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32453:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(lockPath);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32709:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000); /* wait 0.5 sec and try the lock again*/
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32735:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000000); /* wait 10 sec and try the lock again */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:32884:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeSize = PROXY_PATHINDEX + strlen(&writeBuffer[PROXY_PATHINDEX]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33015:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(dbPath); /* Length of database filename - dbPath */
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33041:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( (int)strlen(conchPath) == len+7 );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33091:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( (int)strlen((char*)pFile->lockingContext)<=MAXPATHLEN );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33099:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((char *)pFile->lockingContext) - strlen(DOTLOCK_SUFFIX);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33099:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((char *)pFile->lockingContext) - strlen(DOTLOCK_SUFFIX);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:33103:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen((char*)pFile->lockingContext)<=MAXPATHLEN );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:117941:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( zAff==0 || (int)strlen(zAff)>=nEq );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135281:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nRet = 2 + (int)strlen(zInput)*2 + 1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135552:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nStr += (int)strlen(zCol) + 1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135563:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(zCol)+1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135629:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(argv[0])==4 );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135634:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(argv[1]) + 1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135635:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = (int)strlen(argv[2]) + 1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135669:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(z)>8
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135708:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(zVal)!=4 || sqlite3_strnicmp(zVal, "fts3", 4) ){
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135734:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (strlen(zVal)!=3 || sqlite3_strnicmp(zVal, "asc", 3))
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135735:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(zVal)!=4 || sqlite3_strnicmp(zVal, "desc", 4))
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135768:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nString += (int)(strlen(z) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135891:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(p->azColumn[iCol]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:135894:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( zNot && n==(int)strlen(zNot)
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:140476:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(zDb);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:140480:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(zDb);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:140488:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nFts3 = (int)strlen(zFts3);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:141472:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nStr = (int)strlen(zStr);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:141906:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(z);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142332:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( nKey<=0 ) nKey = (int) strlen(z);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:142723:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->nInput = (int)strlen(zInput);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143185:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pnOut = i = (int)strlen(z);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143446:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zEnd = &zCopy[strlen(zCopy)];
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143456:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = (sqlite3_tokenizer_module *)sqlite3Fts3HashFind(pHash,z,(int)strlen(z)+1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143857:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, n = (int)strlen(argv[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:143909:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->nBytes = (int)strlen(pInput);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:144101:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nName = (int)strlen(zName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:144139:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte += (int)(strlen(argv[i]) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:144148:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(argv[i]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:150275:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nStr = (int)strlen(zMatchinfo);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:150740:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nAppend = (int)strlen(zAppend);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:152084:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int)strlen(z);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:152136:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pCsr->nInput = (int)strlen(aInput);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:154189:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (idxStr && (int)strlen(idxStr)==argc*2) );
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155818:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nDb = (int)strlen(argv[1]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155819:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = (int)strlen(argv[2]);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155916:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nCell = (int)strlen(zCell);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:155925:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nCell = (int)strlen(zCell);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156697:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(argv[0])+1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:156753:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nInput = strlen(zInput);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:158024:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nCopy = strlen(zStr) + 1;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:158577:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(zMask)!=pIter->nTblCol ){
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:159999:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nTarget = strlen(zTarget);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160000:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nRbu = strlen(zRbu);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160001:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nState = zState ? strlen(zState) : 0;
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160129:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nErrmsg = strlen(p->zErrmsg);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160687:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(zName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160713:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nCopy = strlen(zName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/sqlite3.c:160947:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nName = strlen(zName);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp:50:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(path);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp:78:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (parent_path[strlen(parent_path)-1] == '/') {
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.cpp:79:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent_path[strlen(parent_path)-1] = '\0';
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h:235:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t extLen = strlen(ext);
data/sleuthkit-4.10.0+dfsg/tsk/auto/tsk_db.h:238:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(extension, ext + 1, extLen -1);
data/sleuthkit-4.10.0+dfsg/tsk/base/crc.c:177:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i <strlen(TestString); i++)
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:268:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pidx = strlen(errstr_print);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:274:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pidx = strlen(errstr_print);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:280:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pidx = strlen(errstr_print);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_error.c:398:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int current_length = (int) (strlen(errstr2) + 1); // +1 for a space
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:135:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define TSTRLEN wcslen
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:139:18: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define TSTRNCPY wcsncpy
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:140:18: [1] (buffer) wcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define TSTRNCAT wcsncat
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:187:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define TSTRLEN strlen
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:191:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define TSTRNCPY strncpy
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_os.h:192:18: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define TSTRNCAT strncat
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:55:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cbuf);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:145:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = tsk_malloc(strlen(str) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_printf.c:151:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (index = 0; index < strlen(buf); index++)
data/sleuthkit-4.10.0+dfsg/tsk/base/tsk_unicode.c:547:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t total_len = strlen(source);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs.cpp:123:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pool.read(block_num * APFS_BLOCK_SIZE, _storage.data(), APFS_BLOCK_SIZE);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:433:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info->name, vol.name().c_str(), sizeof(info->name) - 1);
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:435:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info->password_hint, vol.password_hint().c_str(),
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:437:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(info->formatted_by, vol.formatted_by().c_str(),
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:453:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l.kext_ver_str, log.logstr.c_str(), sizeof(l.kext_ver_str));
data/sleuthkit-4.10.0+dfsg/tsk/fs/apfs_compat.cpp:530:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, child.name.c_str(), fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:103:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(a_name_info->fs_name->name) == 0) &&
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_name_info->fs_name->name) > 0) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:373:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_name_info->actual_name_length_utf8_bytes = strlen(a_name_info->fs_name->name);
data/sleuthkit-4.10.0+dfsg/tsk/fs/exfatfs_dent.c:375:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tag_length = strlen(tag);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2840:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, (char *) &ea_entry->name, ea_entry->nlen);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs.c:2850:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(val,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs_dent.c:55:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, dir->name, tsk_getu16(fs->endian,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ext2fs_dent.c:77:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, dir->name, dir->name_len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_dent.cpp:359:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, FATFS_MBRNAME, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_dent.cpp:369:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, FATFS_FAT1NAME, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_dent.cpp:380:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, FATFS_FAT2NAME, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_meta.c:179:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_meta->name2->name, FATFS_MBRNAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_meta.c:237:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_meta->name2->name, FATFS_FAT1NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatfs_meta.c:243:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_meta->name2->name, FATFS_FAT2NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fatxxfs_dent.c:229:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fs_name->name, volstr,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs_dent.c:50:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, dir->d_name, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ffs_dent.c:94:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, dir->d_name, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:181:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((name == NULL) || (strlen(name) == 0)) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:190:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fs_attr->name_size < (strlen(name) + 1)) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:191:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fs_attr->name = tsk_realloc(fs_attr->name, strlen(name) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:194:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fs_attr->name_size = strlen(name) + 1;
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_attr.c:196:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_attr->name, name, fs_attr->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:424:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tsk_fs_name_alloc(fs_name->name ? strlen(fs_name->name) +
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:426:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fs_name->shrt_name ? strlen(fs_name->shrt_name) +
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:570:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncasecmp(name->name, "Users", strlen("Users"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:573:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "Documents and Settings", strlen("Documents and Settings"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:576:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "home", strlen("home"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:579:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "ProgramData", strlen("ProgramData"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:582:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "Windows", strlen("Windows"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:585:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "$Orphan", strlen("$Orphan"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:588:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "pagefile", strlen("pagefile"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:591:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncasecmp(name->name, "hiberfil", strlen("hiberfil"))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:784:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(a_dinfo->dirs) +
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:785:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(fs_file->name->name))) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:799:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&a_dinfo->dirs[strlen(a_dinfo->dirs)];
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:800:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(a_dinfo->didx[a_dinfo->depth],
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:802:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DIR_STRSZ - strlen(a_dinfo->dirs));
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:1009:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(a_fs_meta->name2->name, "$OrphanFiles",
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:1183:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(a_fs_file->meta->name2->name) > 0) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_dir.c:1184:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data->fs_name->name, a_fs_file->meta->name2->name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:160:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_fs_name_from->name) >= a_fs_name_to->name_size) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:161:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_fs_name_to->name_size = strlen(a_fs_name_from->name) + 16;
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:168:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(a_fs_name_to->name, a_fs_name_from->name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:180:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_fs_name_from->shrt_name) >=
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:183:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(a_fs_name_from->shrt_name) + 16;
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:190:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(a_fs_name_to->shrt_name, a_fs_name_from->shrt_name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:304:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "0000-00-00 00:00:00 (UTC)", 128);
data/sleuthkit-4.10.0+dfsg/tsk/fs/fs_name.c:333:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "0000-00-00 00:00:00 (UTC)", 32);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1775:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, HFS_CATALOGNAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1854:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, HFS_EXTENTSNAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:1924:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, HFS_ALLOCATIONNAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2005:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, HFS_STARTUPNAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2083:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, HFS_ATTRIBUTESNAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:2157:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, HFS_BAD_BLOCK_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:6785:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(errstr);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:6790:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(loc_errstr);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs.c:6822:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(loc_errstr2);
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:442:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, HFS_EXTENTS_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:447:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, HFS_CATALOG_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:455:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, HFS_BAD_BLOCK_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:460:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, HFS_ALLOCATION_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:467:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, HFS_STARTUP_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/hfs_dent.c:474:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, HFS_ATTRIBUTES_FILE_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/ifind_lib.c:70:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, fs_name_list->name, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ifind_lib.c:183:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(a_path) + 1;
data/sleuthkit-4.10.0+dfsg/tsk/fs/ifind_lib.c:187:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cpath, a_path, clen);
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:313:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rr->fn, &rr_nm->name[0], len);
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:505:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_fn) > ISO9660_MAXNAMLEN_STD) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:513:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_node->inode.fn, a_fn, ISO9660_MAXNAMLEN_STD + 1);
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:610:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (in_node->inode.fn[strlen(in_node->inode.fn) - 1] ==
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:612:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
in_node->inode.fn[strlen(in_node->inode.fn) - 1] =
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660.c:616:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(in_node->inode.fn) == 0) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660_dent.c:115:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(fs_name->name, ".");
data/sleuthkit-4.10.0+dfsg/tsk/fs/iso9660_dent.c:173:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, in->inode.fn, ISO9660_MAXNAMLEN);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:420:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tsk_getu16(fs->endian, a_idxe->strlen));
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:429:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_idxe->strlen))
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:444:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (fname->nlen > tsk_getu16(fs->endian, a_idxe->strlen)) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:465:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tsk_getu16(fs->endian, a_idxe->strlen) == 0) ||
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:567:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(tsk_getu16(fs->endian, a_idxe->strlen) == 0) ||
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:581:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_idxe->strlen),
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:612:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tsk_getu16(fs->endian, a_idxe->strlen) == 0) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:891:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(fs_name->name, ".");
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:1329:33: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, n2->name, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:1436:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:1467:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fs_name_list_par->name);
data/sleuthkit-4.10.0+dfsg/tsk/fs/ntfs_dent.cpp:1664:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->name->name, fs_name_list->name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:1465:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(TSK_OFF_T a_offset, char *a_buf, size_t a_len,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:1783:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(TSK_OFF_T a_off, char *a_buf, size_t a_len) {
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:2916:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(TSK_FS_ATTR_TYPE_ENUM a_type, uint16_t a_id,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_fs.h:2931:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(TSK_OFF_T a_offset, char *a_buf, size_t a_len,
data/sleuthkit-4.10.0+dfsg/tsk/fs/tsk_ntfs.h:435:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t strlen[2]; /* length of stream */
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1692:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1741:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_file->meta->name2->name, name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:1955:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(a_fs_file->meta->name2->name, real_name,
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2609:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, YAFFS_OBJECT_LOSTNFOUND_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2613:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, YAFFS_OBJECT_UNLINKED_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2617:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, YAFFS_OBJECT_DELETED_NAME,
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2621:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, header->name, fs_name->name_size - 64);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2632:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((file_ext != NULL) && (file_ext != fs_name->name) && (strlen(file_ext) < 7)){
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2638:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fs_name->name, version_string, 64);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2774:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, YAFFS_OBJECT_UNLINKED_NAME, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/fs/yaffs.cpp:2783:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fs_name->name, YAFFS_OBJECT_DELETED_NAME, fs_name->name_size);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:413:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(head, TSK_HDB_IDX_HEAD_TYPE_STR, strlen(TSK_HDB_IDX_HEAD_TYPE_STR))
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:440:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(head2, TSK_HDB_IDX_HEAD_NAME_STR, strlen(TSK_HDB_IDX_HEAD_NAME_STR))
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:442:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdb_binsrch_info->idx_off = (uint16_t) (strlen(head));
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:444:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdb_binsrch_info->idx_off = (uint16_t) (strlen(head) + strlen(head2));
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:444:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdb_binsrch_info->idx_off = (uint16_t) (strlen(head) + strlen(head2));
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:449:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = &head[strlen(TSK_HDB_IDX_HEAD_TYPE_STR) + 1];
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:453:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr[strlen(ptr) - 1] = '\0';
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:454:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr[strlen(ptr) - 1] == 10) || (ptr[strlen(ptr) - 1] == 13)) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:454:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ptr[strlen(ptr) - 1] == 10) || (ptr[strlen(ptr) - 1] == 13)) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:455:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr[strlen(ptr) - 1] = '\0';
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:926:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(digits, hdb_binsrch_info->idx_lbuf, 3);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1111:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hash) == TSK_HDB_HTYPE_MD5_LEN) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1114:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(hash) == TSK_HDB_HTYPE_SHA1_LEN) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1125:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(hash); i++) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1141:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hdb_binsrch_info->hash_len != strlen(hash)) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1146:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
func_name, hdb_binsrch_info->hash_len, strlen(hash));
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1154:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
func_name, hdb_binsrch_info->hash_len, strlen(hash));
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1159:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0;i < strlen(hash);i++){
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1167:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ucHash[strlen(hash)] = '\0';
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1178:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(digits, ucHash, 3);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1286:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(hdb_binsrch_info->idx_lbuf) < hdb_binsrch_info->idx_llen) ||
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1377:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(hdb_binsrch_info->idx_lbuf) <
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1441:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(hdb_binsrch_info->idx_lbuf) <
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/binsrch_index.cpp:1541:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t hash_len = strlen(hash);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:74:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = wcslen(buf) * (sizeof(wchar_t) / sizeof(UTF16));
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/encase.c:214:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hash) != TSK_HDB_HTYPE_MD5_LEN) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:39:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) < 150)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:46:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ptr, "\"file_id\"", strlen("\"file_id\"")) != 0)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:54:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ptr, ",\"hashset_id\"", strlen(",\"hashset_id\"")) != 0)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:58:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ptr, ",\"file_name\"", strlen(",\"file_name\"")) != 0)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:62:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ptr, ",\"directory\"", strlen(",\"directory\"")) != 0)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:66:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(ptr, ",\"hash\"", strlen(",\"hash\"")) != 0)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:115:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((str == NULL) || (strlen(str) < TSK_HDB_HTYPE_MD5_LEN))
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:205:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, dir, n_len);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:206:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(name, "\\", n_len);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:209:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(name, file, n_len);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:220:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(ptr) < 2 + TSK_HDB_HTYPE_MD5_LEN)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:300:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:324:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(phash, hash, TSK_HDB_HTYPE_MD5_LEN + 1);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:387:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hash) != TSK_HDB_HTYPE_MD5_LEN) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:422:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/hashkeeper.c:459:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pname, name, TSK_HDB_MAXLEN);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/idxonly.c:48:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(TSK_HDB_IDX_HEAD_NAME_STR)) != 0) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/idxonly.c:57:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(bufptr[i] != '\r' && bufptr[i] != '\n' && i < strlen(bufptr))
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:36:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) < TSK_HDB_HTYPE_MD5_LEN)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:87:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) < TSK_HDB_HTYPE_MD5_LEN + 1) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:100:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptr[strlen(ptr) - 1] == '\n')
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:134:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr[strlen(ptr) - 1] = '\0';
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:158:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (4 + TSK_HDB_HTYPE_MD5_LEN > strlen(ptr)) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:232:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:255:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(phash, hash, TSK_HDB_HTYPE_MD5_LEN + 1);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:316:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hash) != TSK_HDB_HTYPE_MD5_LEN) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:350:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/md5sum.c:384:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pname, name, TSK_HDB_MAXLEN);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:77:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) < 45)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:118:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( (strlen((x)) > TSK_HDB_HTYPE_SHA1_LEN + 4) && \
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:282:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(ptr) < 2 + TSK_HDB_HTYPE_MD5_LEN)
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:415:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:456:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(phash, hash, hdb_binsrch_info->hash_len + 1);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:518:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(hash) != TSK_HDB_HTYPE_MD5_LEN)) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:527:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strlen(hash) != TSK_HDB_HTYPE_SHA1_LEN)) {
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:577:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/nsrl.c:624:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pname, name, TSK_HDB_MAXLEN);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:259:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(header, SQLITE_FILE_HEADER, strlen(SQLITE_FILE_HEADER)) == 0;
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:312:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str)/2;
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:395:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sqlite_hdb_attempt(sqlite3_bind_text(stmt, 1, value, (int)strlen(value), SQLITE_TRANSIENT), SQLITE_OK, "sqlite_hdb_insert_value_and_id: error binding value: %s (result code %d)\n", db) == 0) &&
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:431:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t md5_str_len = strlen(md5);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:451:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(md5)/2;
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:508:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(hash);
data/sleuthkit-4.10.0+dfsg/tsk/hashdb/sqlite_hdb.cpp:612:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(hash);
data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c:241:19: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ilen = wcslen(utf16);
data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c:275:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
image = (char *) tsk_malloc(strlen(images[0]) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c:278:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(image, images[0], strlen(images[0]) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/img/aff.c:278:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(image, images[0], strlen(images[0]) + 1);
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:183:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_count = read(fd, header, 512);
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:594:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t identifier_length = strlen((char *)identifier);
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:597:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t key_len = strlen(key);
data/sleuthkit-4.10.0+dfsg/tsk/img/ewf.cpp:602:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result_buffer, "\n");
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:32:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = a_img_info->read(a_img_info, a_off, buf2, len_tmp);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:43:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nbytes = a_img_info->read(a_img_info, a_off, a_buf, a_len);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_io.c:206:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_count = a_img_info->read(a_img_info,
data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp:346:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = strlen(images[i]);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp:410:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t(*read) (TSK_IMG_INFO * img, TSK_OFF_T off, char *buf, size_t len),
data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp:424:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read) {
data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp:468:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
img_info->read = read;
data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp:521:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ilen = wcslen(images[i]);
data/sleuthkit-4.10.0+dfsg/tsk/img/img_open.cpp:533:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&utf16[wcslen(images[i]) + 1], &utf8,
data/sleuthkit-4.10.0+dfsg/tsk/img/raw.c:260:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cnt = read(cimg->fd, buf, len);
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:103:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t(*read) (TSK_IMG_INFO * img, TSK_OFF_T off, char *buf, size_t len); ///< \internal External progs should call tsk_img_read()
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:121:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t(*read) (TSK_IMG_INFO * img, TSK_OFF_T off, char *buf, size_t len),
data/sleuthkit-4.10.0+dfsg/tsk/img/tsk_img.h:284:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(TSK_OFF_T a_off, char *a_buf, size_t a_len) {
data/sleuthkit-4.10.0+dfsg/tsk/pool/apfs_pool.cpp:103:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t APFSPool::read(uint64_t address, char* buf, size_t buf_size) const
data/sleuthkit-4.10.0+dfsg/tsk/pool/apfs_pool_compat.cpp:291:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return origInfo->read(origInfo, offset, buf, len);
data/sleuthkit-4.10.0+dfsg/tsk/pool/pool_read.cpp:12:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pool->read(a_off, a_buf, a_len);
data/sleuthkit-4.10.0+dfsg/tsk/pool/tsk_apfs.hpp:98:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(uint64_t address, char *buf, size_t buf_size) const
data/sleuthkit-4.10.0+dfsg/tsk/pool/tsk_pool.hpp:45:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual ssize_t read(uint64_t address, char *buf, size_t buf_size) const
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:104:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
total_len += read;
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:105:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
position += read;
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:106:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buf += read;
data/sleuthkit-4.10.0+dfsg/tsk/util/crypto.cpp:107:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length -= read;
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:32:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Unused (0x00)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:35:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Swap (0x01)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:38:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Version 6 (0x02)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:41:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Version 7 (0x03)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:44:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "System V (0x04)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:47:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "4.1BSD (0x05)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:50:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Eighth Edition (0x06)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:53:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "4.2BSD (0x07)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:56:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "MSDOS (0x08)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:59:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "4.4LFS (0x09)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:62:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Unknown (0x0A)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:65:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "HPFS (0x0B)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:68:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "ISO9660 (0x0C)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:71:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Boot (0x0D)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/bsd.c:74:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Vinum (0x0E)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/mac.c:146:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, (char *) part->type, sizeof(part->name));
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:32:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "Unassigned (0x00)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:35:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "boot (0x01)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:38:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "/ (0x02)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:41:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "swap (0x03)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:44:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "/usr/ (0x04)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:47:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "backup (0x05)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:50:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "stand (0x06)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:53:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "/var/ (0x07)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:56:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "/home/ (0x08)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:59:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "alt sector (0x09)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/sun.c:62:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "cachefs (0x0A)", 64);
data/sleuthkit-4.10.0+dfsg/tsk/vs/tsk_vs.h:215:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(TSK_OFF_T a_off, char *a_buf, size_t a_len) {
ANALYSIS SUMMARY:
Hits = 1512
Lines analyzed = 316710 in approximately 8.71 seconds (36342 lines/second)
Physical Source Lines of Code (SLOC) = 192594
Hits@level = [0] 1030 [1] 446 [2] 934 [3] 20 [4] 106 [5] 6
Hits@level+ = [0+] 2542 [1+] 1512 [2+] 1066 [3+] 132 [4+] 112 [5+] 6
Hits/KSLOC@level+ = [0+] 13.1987 [1+] 7.85071 [2+] 5.53496 [3+] 0.68538 [4+] 0.581534 [5+] 0.0311536
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.