Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/surgescript-0.5.4.2/src/main.c
Examining data/surgescript-0.5.4.2/src/surgescript.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/asm.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/asm.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/lexer.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/lexer.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/nodecontext.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/parser.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/token.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/token.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/heap.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/heap.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object_manager.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object_manager.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program_operators.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/renv.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/renv.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/application.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/arguments.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/array.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/boolean.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/console.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/date.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/dictionary.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/gc.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/math.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/number.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/plugin.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/sslib.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/surgescript.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/system.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/tags.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/temp.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/time.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/stack.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/stack.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/variable.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/vm.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/vm.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/fasthash.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/fasthash.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/ssarray.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/transform.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/transform.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/utf8.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/utf8.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/uthash.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/util.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/util.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/xoroshiro128plus.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h

FINAL RESULTS:

data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:808:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(strcpy(program_name, prefix), state_name);
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:808:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcat(strcpy(program_name, prefix), state_name);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:404:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, symbol);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:405:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf + symbol_len + 1, path);
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:857:12: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  return strcat(strcpy(fun_name, prefix), state);
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:857:19: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcat(strcpy(fun_name, prefix), state);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:249:12: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(strcat(strcpy(str, "["), object_name), "]");
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:224:37: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  surgescript_var_set_string(ret, strcat(strcpy(buf, str[0]), str[1]));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:224:44: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  surgescript_var_set_string(ret, strcat(strcpy(buf, str[0]), str[1]));
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:25:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:25:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:562:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cnt = vsnprintf(buf, sz, fmt, ap);
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:568:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, cnt+1, fmt, ap);
data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:393:29: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/surgescript-0.5.4.2/src/surgescript/util/util.c:106:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf+len, sizeof(buf)-len, fmt, args);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:123:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf+len, sizeof(buf)-len, fmt, args);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:218:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(str, src);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:266:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, prefix);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:267:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str, tmp);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:268:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str, text);
data/surgescript-0.5.4.2/src/surgescript/compiler/lexer.c:45:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE]; /* auxiliary buffer */
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:642:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32] = { '.', 'd', 'u', 'p', '.' };
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:1708:24: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *annotations = memcpy(
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:252:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex[2][1 + 2 * sizeof(unsigned)];
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:408:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char state[256] = "";
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:792:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex[2][1 + 2 * sizeof(unsigned)];
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:376:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2 * SS_NAMEMAX + 2] = { 0 };
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:379:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, object_name, l1);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:380:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + l1 + 1, program_name, l2);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/console.c:111:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[1024] = "";
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/date.c:121:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:151:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chr[7] = { 0 };
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:337:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2 * SS_NAMEMAX + 2] = { 0 };
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:340:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, object_name, l1);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:341:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + l1 + 1, tag_name, l2);
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:207:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[128];
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:307:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:479:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32];
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:538:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:40:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char trailingBytesForUTF8[256] = {
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:324:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char digs[10];
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[4];
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:378:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[c], temp, amt);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:101:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = "[surgescript] ";
data/surgescript-0.5.4.2/src/surgescript/util/util.c:118:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024] = "[surgescript-error] ";
data/surgescript-0.5.4.2/src/surgescript/util/util.c:227:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const union { int i; char c[sizeof(int)]; } u = { .i = 1 };
data/surgescript-0.5.4.2/src/surgescript/util/util.c:264:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2] = { '_', '\0' };
data/surgescript-0.5.4.2/src/surgescript/util/util.c:335:22: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int wpath_size = MultiByteToWideChar(CP_UTF8, 0, filepath, -1, NULL, 0);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:336:22: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int wmode_size = MultiByteToWideChar(CP_UTF8, 0, mode, -1, NULL, 0);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:342:9: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8, 0, filepath, -1, wpath, wpath_size);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:343:9: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, wmode_size);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:351:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filepath, mode);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:356:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filepath, mode);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:375:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[128] = "Out of memory in ";
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:932:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &v64, sizeof(v64));
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:964:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  XXH_ALIGN(8) char secret[XXH_SECRET_DEFAULT_SIZE];
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1096:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst_state, src_state, sizeof(*dst_state));
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1240:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(acc, state->acc, sizeof(state->acc)); /* digest locally, state remains unaltered, and can continue ingesting more data afterwards */
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1257:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lastStripe[STRIPE_LEN];
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1259:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lastStripe, (const char*)state->buffer + sizeof(state->buffer) - catchupSize, catchupSize);
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1260:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(lastStripe + catchupSize, state->buffer, state->bufferedSize);
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1397:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  XXH_ALIGN(8) char secret[XXH_SECRET_DEFAULT_SIZE];
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1616:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &hash.high64, sizeof(hash.high64));
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1617:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)dst + sizeof(hash.high64), &hash.low64, sizeof(hash.low64));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:112:76: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:518:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstState, srcState, sizeof(*dstState));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:530:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:630:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &hash, sizeof(*dst));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:992:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstState, srcState, sizeof(*dstState));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:1004:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:1100:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &hash, sizeof(*dst));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:221:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:263:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:426:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  XXH_ALIGN(64) char customSecret[XXH3_SECRET_DEFAULT_SIZE]; /* used to store a custom secret generated from the seed. Makes state larger. Design might change */
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:427:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  XXH_ALIGN(64) char buffer[XXH3_INTERNALBUFFER_SIZE];
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:520:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef struct { unsigned char digest[16]; } XXH128_canonical_t;
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:578:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(name) > SS_NAMEMAX;
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:807:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  program_name = ssmalloc((1 + strlen(prefix) + strlen(state_name)) * sizeof(*program_name));
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:807:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  program_name = ssmalloc((1 + strlen(prefix) + strlen(state_name)) * sizeof(*program_name));
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:52:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void (*read)(surgescript_symtable_entry_t* entry, surgescript_program_t* program, unsigned k);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:234:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  entry->vtable->read(entry, program, k);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:402:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t symbol_len = strlen(symbol);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:403:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* buf = ssmalloc((3 + symbol_len + strlen(path)) * sizeof(*buf));
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:411:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t symbol_len = strlen(symbol);
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:856:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fun_name = ssmalloc((strlen(state) + strlen(prefix) + 1) * sizeof(char));
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:856:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fun_name = ssmalloc((strlen(state) + strlen(prefix) + 1) * sizeof(char));
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:835:9: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar();
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:269:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HASH_FIND(hh, pool->meta, object_name, strlen(object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:276:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HASH_ADD_KEYPTR(hh, pool->meta, m->object_name, strlen(m->object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:286:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HASH_FIND(hh, pool->meta, object_name, strlen(object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:308:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HASH_FIND(hh, pool->meta, object_name, strlen(object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:378:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l1 = strlen(object_name), l2 = strlen(program_name);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:378:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l1 = strlen(object_name), l2 = strlen(program_name);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/console.c:116:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(result);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:246:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* str = ssmalloc((strlen(object_name) + 3) * sizeof(*str));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:249:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strcat(strcpy(str, "["), object_name), "]");
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:249:19: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcat(strcat(strcpy(str, "["), object_name), "]");
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:223:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf = ssmalloc((1 + strlen(str[0]) + strlen(str[1])) * sizeof(*buf));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:223:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf = ssmalloc((1 + strlen(str[0]) + strlen(str[1])) * sizeof(*buf));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:240:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int search_len = strlen(search);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:272:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* dst = ssmalloc((1 + strlen(src)) * sizeof(*dst)), *q; data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:288:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* dst = ssmalloc((1 + strlen(src)) * sizeof(*dst)), *q; data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:32:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define generate_tag(tag_name) XXH64(tag_name, strlen(tag_name), 0) data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:188:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh, tag_system->inverse_tag_table, tag_name, strlen(tag_name), ientry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:194:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR(hh, tag_system->inverse_tag_table, ientry->tag_name, strlen(ientry->tag_name), ientry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:210:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh, tag_system->tag_table, object_name, strlen(object_name), entry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:215:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
HASH_ADD_KEYPTR(hh, tag_system->tag_table, entry->object_name, strlen(entry->object_name), entry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:218:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh, tag_system->inverse_tag_table, tag_name, strlen(tag_name), ientry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:224:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD_KEYPTR(hh, tag_system->inverse_tag_table, ientry->tag_name, strlen(ientry->tag_name), ientry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:251:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh, tag_system->tag_table, object_name, strlen(object_name), entry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:281:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh, tag_system->inverse_tag_table, tag_name, strlen(tag_name), ientry); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:339:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l1 = strlen(object_name), l2 = strlen(tag_name); data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:339:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t l1 = strlen(object_name), l2 = strlen(tag_name); data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:196:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(string != NULL && strlen(string) <= MAXLEN) { data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:199:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(!u8_isvalid(var->string, strlen(var->string))) data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:608:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return sizeof(surgescript_var_t) + (1 + strlen(var->string)) * sizeof(char); data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:369:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_FIND(hh,head,findstr,(unsigned)strlen(findstr),out) data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:371:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HASH_ADD(hh,head,strfield[0],(unsigned int)strlen(add->strfield),add) data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:373:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
HASH_REPLACE(hh,head,strfield[0],(unsigned)strlen(add->strfield),add,replaced) data/surgescript-0.5.4.2/src/surgescript/util/util.c:102:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buf); data/surgescript-0.5.4.2/src/surgescript/util/util.c:119:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buf); data/surgescript-0.5.4.2/src/surgescript/util/util.c:217:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* str = surgescript_util_malloc(sizeof(char) * (1 + strlen(src)), location); data/surgescript-0.5.4.2/src/surgescript/util/util.c:263:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* str = ssmalloc((strlen(prefix) + strlen(text) + 2) * sizeof(char)); data/surgescript-0.5.4.2/src/surgescript/util/util.c:263:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* str = ssmalloc((strlen(prefix) + strlen(text) + 2) * sizeof(char)); ANALYSIS SUMMARY: Hits = 124 Lines analyzed = 21154 in approximately 0.59 seconds (35793 lines/second) Physical Source Lines of Code (SLOC) = 13651 Hits@level = [0] 26 [1] 48 [2] 56 [3] 0 [4] 20 [5] 0 Hits@level+ = [0+] 150 [1+] 124 [2+] 76 [3+] 20 [4+] 20 [5+] 0 Hits/KSLOC@level+ = [0+] 10.9882 [1+] 9.08358 [2+] 5.56736 [3+] 1.46509 [4+] 1.46509 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
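Triage note on the level-1 (buffer) hits above. Every strlen hit is the same shape: the call is safe only if the argument carries a NUL terminator, which flawfinder cannot see from the call site. The strcpy/strcat hit at sslib/object.c:249 is safe only if the ssmalloc at line 246 really reserves strlen(object_name) + 3 bytes, which the tool also does not track. The block below is an added example written for this page; it is not code from the surgescript project or from the flawfinder report. It reproduces the flagged shape next to a bounded rewrite of the kind the report suggests (snprintf plus an explicit length cap). The function names bracket_name_unbounded, bracket_name_bounded and bounded_len, the use of malloc in place of the project's ssmalloc, and the sample inputs are all assumptions made for illustration.

```c
/*
 * Added example, not code from surgescript or from the flawfinder report.
 * Function names and the use of malloc instead of the project's ssmalloc
 * are assumptions made for illustration.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * The shape flawfinder flags at sslib/object.c:246-249. It is correct only
 * under two conditions the tool cannot verify: object_name carries a NUL
 * terminator (otherwise strlen over-reads, CWE-126), and the allocation
 * counts '[' + name + ']' + NUL, i.e. strlen + 3 (otherwise strcpy/strcat
 * overflow the heap block, CWE-120). Break either and it is a real bug.
 */
char *bracket_name_unbounded(const char *object_name)
{
    char *str = malloc((strlen(object_name) + 3) * sizeof(*str));
    if (str == NULL)
        return NULL;
    strcat(strcat(strcpy(str, "["), object_name), "]");
    return str;
}

/*
 * Bounded length scan, equivalent to strnlen(3) but written out so the
 * example is plain C99. It never reads s[cap] or beyond.
 */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t len = 0;
    while (len < cap && s[len] != '\0')
        len++;
    return len;
}

/*
 * Hardened form. The caller states the capacity of the memory behind
 * object_name; a name with no terminator inside that capacity is rejected
 * instead of over-read, and snprintf writes at most `need` bytes. Returns
 * NULL (with nothing leaked) on a missing terminator, allocation failure
 * or truncation.
 */
char *bracket_name_bounded(const char *object_name, size_t cap)
{
    size_t len = bounded_len(object_name, cap);
    if (len == cap)                    /* no NUL within cap: refuse */
        return NULL;

    size_t need = len + 3;             /* '[' + name + ']' + NUL */
    char *str = malloc(need);
    if (str == NULL)
        return NULL;

    int n = snprintf(str, need, "[%s]", object_name);
    if (n < 0 || (size_t)n >= need) {  /* error, or output would not fit */
        free(str);
        return NULL;
    }
    return str;
}

int main(void)
{
    /* Constructed inputs: a terminated name and a 4-byte buffer with no NUL. */
    const char *good = "Player";
    char unterminated[4] = { 'a', 'b', 'c', 'd' };

    char *a = bracket_name_unbounded(good);
    char *b = bracket_name_bounded(good, strlen(good) + 1);
    char *c = bracket_name_bounded(unterminated, sizeof unterminated);

    printf("unbounded: %s\n", a ? a : "(null)");
    printf("bounded:   %s\n", b ? b : "(null)");
    printf("unterminated input rejected: %s\n", c == NULL ? "yes" : "no");

    free(a);
    free(b);
    free(c);
    return 0;
}
```

The unbounded function is what the report flags; it is not wrong in the project's context, but its correctness lives in two invariants that are enforced by convention rather than by the code. The bounded form makes the length cap a parameter so the same review question ("is this terminated?") has a local answer, which is what turns a level-1 hit into something a reviewer can close rather than re-examine on every pass.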