Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tardy-1.25/libtardy/ac/assert.h
Examining data/tardy-1.25/libtardy/ac/ctype.h
Examining data/tardy-1.25/libtardy/ac/dirent.h
Examining data/tardy-1.25/libtardy/ac/errno.h
Examining data/tardy-1.25/libtardy/ac/fcntl.h
Examining data/tardy-1.25/libtardy/ac/grp.h
Examining data/tardy-1.25/libtardy/ac/limits.h
Examining data/tardy-1.25/libtardy/ac/pwd.h
Examining data/tardy-1.25/libtardy/ac/stdarg.h
Examining data/tardy-1.25/libtardy/ac/stddef.h
Examining data/tardy-1.25/libtardy/ac/stdio.cc
Examining data/tardy-1.25/libtardy/ac/stdio.h
Examining data/tardy-1.25/libtardy/ac/stdlib.h
Examining data/tardy-1.25/libtardy/ac/string.cc
Examining data/tardy-1.25/libtardy/ac/string.h
Examining data/tardy-1.25/libtardy/ac/sys/param.h
Examining data/tardy-1.25/libtardy/ac/sys/stat.h
Examining data/tardy-1.25/libtardy/ac/sys/sysmacros.h
Examining data/tardy-1.25/libtardy/ac/sys/types.h
Examining data/tardy-1.25/libtardy/ac/termios.h
Examining data/tardy-1.25/libtardy/ac/time.h
Examining data/tardy-1.25/libtardy/ac/unistd.h
Examining data/tardy-1.25/libtardy/ac/zlib.cc
Examining data/tardy-1.25/libtardy/ac/zlib.h
Examining data/tardy-1.25/libtardy/arglex.cc
Examining data/tardy-1.25/libtardy/arglex.h
Examining data/tardy-1.25/libtardy/cannonical.cc
Examining data/tardy-1.25/libtardy/cannonical.h
Examining data/tardy-1.25/libtardy/endian.cc
Examining data/tardy-1.25/libtardy/endian.h
Examining data/tardy-1.25/libtardy/file/input.cc
Examining data/tardy-1.25/libtardy/file/input.h
Examining data/tardy-1.25/libtardy/file/input/factory.cc
Examining data/tardy-1.25/libtardy/file/input/gunzip.cc
Examining data/tardy-1.25/libtardy/file/input/gunzip.h
Examining data/tardy-1.25/libtardy/file/input/normal.cc
Examining data/tardy-1.25/libtardy/file/input/normal.h
Examining data/tardy-1.25/libtardy/file/input/position.cc
Examining data/tardy-1.25/libtardy/file/input/position.h
Examining data/tardy-1.25/libtardy/file/input/stdin.cc
Examining data/tardy-1.25/libtardy/file/input/stdin.h
Examining data/tardy-1.25/libtardy/file/output.cc
Examining data/tardy-1.25/libtardy/file/output.h
Examining data/tardy-1.25/libtardy/file/output/buffer.cc
Examining data/tardy-1.25/libtardy/file/output/buffer.h
Examining data/tardy-1.25/libtardy/file/output/factory.cc
Examining data/tardy-1.25/libtardy/file/output/gzip.cc
Examining data/tardy-1.25/libtardy/file/output/gzip.h
Examining data/tardy-1.25/libtardy/file/output/hexdump.cc
Examining data/tardy-1.25/libtardy/file/output/hexdump.h
Examining data/tardy-1.25/libtardy/file/output/normal.cc
Examining data/tardy-1.25/libtardy/file/output/normal.h
Examining data/tardy-1.25/libtardy/file/output/stdout.cc
Examining data/tardy-1.25/libtardy/file/output/stdout.h
Examining data/tardy-1.25/libtardy/filenamelist.cc
Examining data/tardy-1.25/libtardy/filenamelist.h
Examining data/tardy-1.25/libtardy/filenamelist/file.cc
Examining data/tardy-1.25/libtardy/filenamelist/file.h
Examining data/tardy-1.25/libtardy/filenamelist/filter.cc
Examining data/tardy-1.25/libtardy/filenamelist/filter.h
Examining data/tardy-1.25/libtardy/filenamelist/filter/progress.cc
Examining data/tardy-1.25/libtardy/filenamelist/filter/progress.h
Examining data/tardy-1.25/libtardy/format_family.cc
Examining data/tardy-1.25/libtardy/format_family.h
Examining data/tardy-1.25/libtardy/fstrcmp.cc
Examining data/tardy-1.25/libtardy/fstrcmp.h
Examining data/tardy-1.25/libtardy/gmatch.cc
Examining data/tardy-1.25/libtardy/gmatch.h
Examining data/tardy-1.25/libtardy/main.h
Examining data/tardy-1.25/libtardy/mprintf.cc
Examining data/tardy-1.25/libtardy/mprintf.h
Examining data/tardy-1.25/libtardy/patchlevel.h
Examining data/tardy-1.25/libtardy/rcstring.cc
Examining data/tardy-1.25/libtardy/rcstring.h
Examining data/tardy-1.25/libtardy/rcstring/accumulator.cc
Examining data/tardy-1.25/libtardy/rcstring/accumulator.h
Examining data/tardy-1.25/libtardy/rcstring/accumulator/pop_front.cc
Examining data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc
Examining data/tardy-1.25/libtardy/rcstring/basename.cc
Examining data/tardy-1.25/libtardy/rcstring/clear.cc
Examining data/tardy-1.25/libtardy/rcstring/dirname.cc
Examining data/tardy-1.25/libtardy/rcstring/downcase.cc
Examining data/tardy-1.25/libtardy/rcstring/ends_with.cc
Examining data/tardy-1.25/libtardy/rcstring/eq.cc
Examining data/tardy-1.25/libtardy/rcstring/hexdump.cc
Examining data/tardy-1.25/libtardy/rcstring/list.h
Examining data/tardy-1.25/libtardy/rcstring/list/appelistuniq.cc
Examining data/tardy-1.25/libtardy/rcstring/list/append.cc
Examining data/tardy-1.25/libtardy/rcstring/list/append_list.cc
Examining data/tardy-1.25/libtardy/rcstring/list/append_uniqu.cc
Examining data/tardy-1.25/libtardy/rcstring/list/assign_op.cc
Examining data/tardy-1.25/libtardy/rcstring/list/clear.cc
Examining data/tardy-1.25/libtardy/rcstring/list/constructor.cc
Examining data/tardy-1.25/libtardy/rcstring/list/copy.cc
Examining data/tardy-1.25/libtardy/rcstring/list/destructor.cc
Examining data/tardy-1.25/libtardy/rcstring/list/equal.cc
Examining data/tardy-1.25/libtardy/rcstring/list/intersection.cc
Examining data/tardy-1.25/libtardy/rcstring/list/member.cc
Examining data/tardy-1.25/libtardy/rcstring/list/member_nocas.cc
Examining data/tardy-1.25/libtardy/rcstring/list/pop_back.cc
Examining data/tardy-1.25/libtardy/rcstring/list/pop_front.cc
Examining data/tardy-1.25/libtardy/rcstring/list/prepend.cc
Examining data/tardy-1.25/libtardy/rcstring/list/prepend_list.cc
Examining data/tardy-1.25/libtardy/rcstring/list/quote.cc
Examining data/tardy-1.25/libtardy/rcstring/list/remove.cc
Examining data/tardy-1.25/libtardy/rcstring/list/remove_list.cc
Examining data/tardy-1.25/libtardy/rcstring/list/sort.cc
Examining data/tardy-1.25/libtardy/rcstring/list/sort_long_short.cc
Examining data/tardy-1.25/libtardy/rcstring/list/sort_nocase.cc
Examining data/tardy-1.25/libtardy/rcstring/list/sort_vers.cc
Examining data/tardy-1.25/libtardy/rcstring/list/str2wl.cc
Examining data/tardy-1.25/libtardy/rcstring/list/subset.cc
Examining data/tardy-1.25/libtardy/rcstring/list/validate.cc
Examining data/tardy-1.25/libtardy/rcstring/list/wl2str.cc
Examining data/tardy-1.25/libtardy/rcstring/list/xor.cc
Examining data/tardy-1.25/libtardy/rcstring/printf.cc
Examining data/tardy-1.25/libtardy/rcstring/quote_c.cc
Examining data/tardy-1.25/libtardy/rcstring/substitute.cc
Examining data/tardy-1.25/libtardy/rcstring/substring.cc
Examining data/tardy-1.25/libtardy/rcstring/upcase.cc
Examining data/tardy-1.25/libtardy/read_whole_directory.cc
Examining data/tardy-1.25/libtardy/read_whole_directory.h
Examining data/tardy-1.25/libtardy/roff.cc
Examining data/tardy-1.25/libtardy/roff.h
Examining data/tardy-1.25/libtardy/symtab.cc
Examining data/tardy-1.25/libtardy/symtab.h
Examining data/tardy-1.25/libtardy/tar/format.cc
Examining data/tardy-1.25/libtardy/tar/format.h
Examining data/tardy-1.25/libtardy/tar/header.cc
Examining data/tardy-1.25/libtardy/tar/header.h
Examining data/tardy-1.25/libtardy/tar/input.cc
Examining data/tardy-1.25/libtardy/tar/input.h
Examining data/tardy-1.25/libtardy/tar/input/ar.cc
Examining data/tardy-1.25/libtardy/tar/input/ar.h
Examining data/tardy-1.25/libtardy/tar/input/ar/bsd.cc
Examining data/tardy-1.25/libtardy/tar/input/ar/bsd.h
Examining data/tardy-1.25/libtardy/tar/input/ar/factory.cc
Examining data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc
Examining data/tardy-1.25/libtardy/tar/input/ar/pdp11.h
Examining data/tardy-1.25/libtardy/tar/input/ar/v7.cc
Examining data/tardy-1.25/libtardy/tar/input/ar/v7.h
Examining data/tardy-1.25/libtardy/tar/input/cpio.cc
Examining data/tardy-1.25/libtardy/tar/input/cpio.h
Examining data/tardy-1.25/libtardy/tar/input/cpio/binary.cc
Examining data/tardy-1.25/libtardy/tar/input/cpio/binary.h
Examining data/tardy-1.25/libtardy/tar/input/cpio/crc.cc
Examining data/tardy-1.25/libtardy/tar/input/cpio/crc.h
Examining data/tardy-1.25/libtardy/tar/input/cpio/factory.cc
Examining data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.cc
Examining data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h
Examining data/tardy-1.25/libtardy/tar/input/cpio/old_ascii.cc
Examining data/tardy-1.25/libtardy/tar/input/cpio/old_ascii.h
Examining data/tardy-1.25/libtardy/tar/input/directory.cc
Examining data/tardy-1.25/libtardy/tar/input/directory.h
Examining data/tardy-1.25/libtardy/tar/input/factory.cc
Examining data/tardy-1.25/libtardy/tar/input/filename.cc
Examining data/tardy-1.25/libtardy/tar/input/filename.h
Examining data/tardy-1.25/libtardy/tar/input/filenamelist.cc
Examining data/tardy-1.25/libtardy/tar/input/filenamelist.h
Examining data/tardy-1.25/libtardy/tar/input/filter.cc
Examining data/tardy-1.25/libtardy/tar/input/filter.h
Examining data/tardy-1.25/libtardy/tar/input/filter/ar_long_names.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/ar_long_names.h
Examining data/tardy-1.25/libtardy/tar/input/filter/ar_long_names2.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/ar_long_names2.h
Examining data/tardy-1.25/libtardy/tar/input/filter/clean.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/clean.h
Examining data/tardy-1.25/libtardy/tar/input/filter/exclude.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/exclude.h
Examining data/tardy-1.25/libtardy/tar/input/filter/group_name.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/group_name.h
Examining data/tardy-1.25/libtardy/tar/input/filter/group_numbr.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/group_numbr.h
Examining data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/gunzip.h
Examining data/tardy-1.25/libtardy/tar/input/filter/mode_clear.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/mode_clear.h
Examining data/tardy-1.25/libtardy/tar/input/filter/mode_set.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/mode_set.h
Examining data/tardy-1.25/libtardy/tar/input/filter/mtime.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/mtime.h
Examining data/tardy-1.25/libtardy/tar/input/filter/prefix.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/prefix.h
Examining data/tardy-1.25/libtardy/tar/input/filter/relative_paths.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/relative_paths.h
Examining data/tardy-1.25/libtardy/tar/input/filter/remov_prefi.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/remov_prefi.h
Examining data/tardy-1.25/libtardy/tar/input/filter/remove_prefix_count.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/remove_prefix_count.h
Examining data/tardy-1.25/libtardy/tar/input/filter/suppr_direc.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/suppr_direc.h
Examining data/tardy-1.25/libtardy/tar/input/filter/user_name.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/user_name.h
Examining data/tardy-1.25/libtardy/tar/input/filter/user_number.cc
Examining data/tardy-1.25/libtardy/tar/input/filter/user_number.h
Examining data/tardy-1.25/libtardy/tar/input/tar.cc
Examining data/tardy-1.25/libtardy/tar/input/tar.h
Examining data/tardy-1.25/libtardy/tar/input/tar/bsd.cc
Examining data/tardy-1.25/libtardy/tar/input/tar/bsd.h
Examining data/tardy-1.25/libtardy/tar/input/tar/posix.cc
Examining data/tardy-1.25/libtardy/tar/input/tar/posix.h
Examining data/tardy-1.25/libtardy/tar/input/tar/ustar.cc
Examining data/tardy-1.25/libtardy/tar/input/tar/ustar.h
Examining data/tardy-1.25/libtardy/tar/input/tar_output_factory.cc
Examining data/tardy-1.25/libtardy/tar/output.cc
Examining data/tardy-1.25/libtardy/tar/output.h
Examining data/tardy-1.25/libtardy/tar/output/ar.cc
Examining data/tardy-1.25/libtardy/tar/output/ar.h
Examining data/tardy-1.25/libtardy/tar/output/ar/bsd.cc
Examining data/tardy-1.25/libtardy/tar/output/ar/bsd.h
Examining data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc
Examining data/tardy-1.25/libtardy/tar/output/ar/pdp11.h
Examining data/tardy-1.25/libtardy/tar/output/ar/port5.cc
Examining data/tardy-1.25/libtardy/tar/output/ar/port5.h
Examining data/tardy-1.25/libtardy/tar/output/ar/v7.cc
Examining data/tardy-1.25/libtardy/tar/output/ar/v7.h
Examining data/tardy-1.25/libtardy/tar/output/cpio.cc
Examining data/tardy-1.25/libtardy/tar/output/cpio.h
Examining data/tardy-1.25/libtardy/tar/output/cpio/binary.cc
Examining data/tardy-1.25/libtardy/tar/output/cpio/binary.h
Examining data/tardy-1.25/libtardy/tar/output/cpio/crc.cc
Examining data/tardy-1.25/libtardy/tar/output/cpio/crc.h
Examining data/tardy-1.25/libtardy/tar/output/cpio/newascii.cc
Examining data/tardy-1.25/libtardy/tar/output/cpio/newascii.h
Examining data/tardy-1.25/libtardy/tar/output/cpio/oldascii.cc
Examining data/tardy-1.25/libtardy/tar/output/cpio/oldascii.h
Examining data/tardy-1.25/libtardy/tar/output/extract.cc
Examining data/tardy-1.25/libtardy/tar/output/extract.h
Examining data/tardy-1.25/libtardy/tar/output/filter.cc
Examining data/tardy-1.25/libtardy/tar/output/filter.h
Examining data/tardy-1.25/libtardy/tar/output/filter/ar_long_names.cc
Examining data/tardy-1.25/libtardy/tar/output/filter/ar_long_names.h
Examining data/tardy-1.25/libtardy/tar/output/filter/ar_long_names2.cc
Examining data/tardy-1.25/libtardy/tar/output/filter/ar_long_names2.h
Examining data/tardy-1.25/libtardy/tar/output/filter/basename.cc
Examining data/tardy-1.25/libtardy/tar/output/filter/basename.h
Examining data/tardy-1.25/libtardy/tar/output/filter/gzip.cc
Examining data/tardy-1.25/libtardy/tar/output/filter/gzip.h
Examining data/tardy-1.25/libtardy/tar/output/filter/list.cc
Examining data/tardy-1.25/libtardy/tar/output/filter/list.h
Examining data/tardy-1.25/libtardy/tar/output/tar.cc
Examining data/tardy-1.25/libtardy/tar/output/tar.h
Examining data/tardy-1.25/libtardy/tar/output/tar/bsd.cc
Examining data/tardy-1.25/libtardy/tar/output/tar/bsd.h
Examining data/tardy-1.25/libtardy/tar/output/tar/posix.cc
Examining data/tardy-1.25/libtardy/tar/output/tar/posix.h
Examining data/tardy-1.25/libtardy/tar/output/tar/ustar.cc
Examining data/tardy-1.25/libtardy/tar/output/tar/ustar.h
Examining data/tardy-1.25/libtardy/tar/output/tar/v7.cc
Examining data/tardy-1.25/libtardy/tar/output/tar/v7.h
Examining data/tardy-1.25/libtardy/trace.cc
Examining data/tardy-1.25/libtardy/trace.h
Examining data/tardy-1.25/libtardy/versi_stamp.cc
Examining data/tardy-1.25/libtardy/version.cc
Examining data/tardy-1.25/libtardy/version_stmp.h
Examining data/tardy-1.25/man/man1/o__rules.h
Examining data/tardy-1.25/man/man1/o_help.h
Examining data/tardy-1.25/man/man1/tardy.h
Examining data/tardy-1.25/man/man1/tardy_license.h
Examining data/tardy-1.25/man/man1/z_cr.h
Examining data/tardy-1.25/man/man1/z_exit.h
Examining data/tardy-1.25/tardy/arglex/tardy.cc
Examining data/tardy-1.25/tardy/arglex/tardy.h
Examining data/tardy-1.25/tardy/ifmt.cc
Examining data/tardy-1.25/tardy/ifmt.h
Examining data/tardy-1.25/tardy/main.cc
Examining data/tardy-1.25/tardy/ofmt.cc
Examining data/tardy-1.25/tardy/ofmt.h
Examining data/tardy-1.25/tardy/tardy.cc
Examining data/tardy-1.25/tardy/tardy.h
FINAL RESULTS:
data/tardy-1.25/libtardy/tar/input/filename.cc:126:17: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
readlink
data/tardy-1.25/libtardy/ac/stdio.cc:27:1: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(char *buffer, size_t, const char *fmt, va_list ap)
data/tardy-1.25/libtardy/ac/stdio.cc:29:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(buffer, fmt, ap);
data/tardy-1.25/libtardy/ac/stdio.cc:37:1: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(char *buffer, size_t bufsize, const char *fmt, ...)
data/tardy-1.25/libtardy/ac/stdio.cc:41:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = vsnprintf(buffer, bufsize, fmt, ap);
data/tardy-1.25/libtardy/file/input.cc:51:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/file/output.cc:61:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/main.h:33:53: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ATTR_PRINTF(x, y) __attribute__((__format__(printf, x, y)))
data/tardy-1.25/libtardy/mprintf.cc:338:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/mprintf.cc:375:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/mprintf.cc:406:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/mprintf.cc:471:17: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/rcstring.h:182:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static rcstring printf(const char *fmt, ...) ATTR_PRINTF(1, 2);
data/tardy-1.25/libtardy/rcstring.h:195:21: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static rcstring vprintf(const char *fmt, va_list ap) ATTR_PRINTF(1, 0);
data/tardy-1.25/libtardy/rcstring/accumulator.h:188:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf(const char *fmt, ...) ATTR_PRINTF(2, 3);
data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc:25:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rcstring_accumulator::printf(const char *fmt, ...)
data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc:30:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(temp, sizeof(temp), fmt, ap);
data/tardy-1.25/libtardy/rcstring/printf.cc:24:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rcstring::printf(const char *fmt, ...)
data/tardy-1.25/libtardy/rcstring/printf.cc:28:21: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rcstring result(vprintf(fmt, ap));
data/tardy-1.25/libtardy/rcstring/printf.cc:35:11: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rcstring::vprintf(const char *fmt, va_list ap)
data/tardy-1.25/libtardy/roff.cc:296:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), s, ap);
data/tardy-1.25/libtardy/tar/input.cc:42:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/tar/input.cc:61:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/tar/output.cc:59:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/trace.cc:126:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, explain_program_name_get());
data/tardy-1.25/libtardy/trace.cc:132:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, file_name->str_text);
data/tardy-1.25/libtardy/trace.cc:210:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), s, ap);
data/tardy-1.25/libtardy/ac/string.cc:57:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[16];
data/tardy-1.25/libtardy/arglex.cc:195:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char empty[1];
data/tardy-1.25/libtardy/endian.cc:86:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union u { char c[2]; short s; } u;
data/tardy-1.25/libtardy/file/input.cc:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/tardy-1.25/libtardy/file/input.cc:82:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, read_ahead_buffer + read_ahead_pos, nbytes);
data/tardy-1.25/libtardy/file/input.cc:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buffer + new_pos, read_ahead_buffer + read_ahead_pos, sz);
data/tardy-1.25/libtardy/file/input.cc:119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_ahead_buffer + read_ahead_pos, data, data_size);
data/tardy-1.25/libtardy/file/input.cc:139:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[512];
data/tardy-1.25/libtardy/file/input/factory.cc:42:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_input_gunzip::open
data/tardy-1.25/libtardy/file/input/gunzip.cc:94:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_input_gunzip::open(const file_input::pointer &deeper)
data/tardy-1.25/libtardy/file/input/gunzip.cc:139:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/tardy-1.25/libtardy/file/input/gunzip.cc:150:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/file/input/gunzip.cc:287:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char gz_magic[2] = {0x1f, 0x8b}; // gzip magic header
data/tardy-1.25/libtardy/file/input/gunzip.cc:296:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[sizeof(gz_magic)];
data/tardy-1.25/libtardy/file/input/gunzip.cc:310:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[10];
data/tardy-1.25/libtardy/file/input/gunzip.cc:356:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/tardy-1.25/libtardy/file/input/gunzip.h:57:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static pointer open(const file_input::pointer &deeper);
data/tardy-1.25/libtardy/file/output.cc:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/tardy-1.25/libtardy/file/output/buffer.cc:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + pos, data, len);
data/tardy-1.25/libtardy/file/output/gzip.cc:33:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char gzip_magic[2] = { 0x1F, 0x8B }; // gzip magic header
data/tardy-1.25/libtardy/file/output/gzip.cc:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/tardy-1.25/libtardy/file/output/gzip.cc:125:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[10];
data/tardy-1.25/libtardy/file/output/gzip.cc:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header, gzip_magic, sizeof(gzip_magic));
data/tardy-1.25/libtardy/file/output/hexdump.h:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8 + 1 + 3 * 16 + 2 + 16 + 1];
data/tardy-1.25/libtardy/filenamelist/file.cc:88:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp2, temp, line_length);
data/tardy-1.25/libtardy/filenamelist/file.h:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:60:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[10];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:121:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buffer, "\rReading file list: ");
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[20];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/tardy-1.25/libtardy/mprintf.cc:335:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:337:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:343:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:372:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:374:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:380:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:403:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:405:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:411:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:468:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:470:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:476:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:513:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + length, a, prec);
data/tardy-1.25/libtardy/mprintf.cc:553:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + length, a->str_text, prec);
data/tardy-1.25/libtardy/rcstring.cc:274:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->str_text, s, length);
data/tardy-1.25/libtardy/rcstring.cc:404:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, s1->str_text, s1->str_length);
data/tardy-1.25/libtardy/rcstring.cc:405:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + s1->str_length, s2->str_text, s2->str_length);
data/tardy-1.25/libtardy/rcstring.cc:446:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, s1->str_text, s1->str_length);
data/tardy-1.25/libtardy/rcstring.cc:447:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + s1->str_length, s2->str_text, s2->str_length);
data/tardy-1.25/libtardy/rcstring.cc:448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy
data/tardy-1.25/libtardy/rcstring.h:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_text[1];
data/tardy-1.25/libtardy/rcstring/accumulator.cc:78:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buffer, buffer, length);
data/tardy-1.25/libtardy/rcstring/accumulator.cc:111:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buffer, buffer, length);
data/tardy-1.25/libtardy/rcstring/accumulator.cc:116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + length, cp, n);
data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[1 << 11];
data/tardy-1.25/libtardy/roff.cc:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:305:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[20];
data/tardy-1.25/libtardy/roff.cc:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4];
data/tardy-1.25/libtardy/roff.cc:483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:511:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp, argv[j], len);
data/tardy-1.25/libtardy/roff.cc:521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:530:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:537:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp, argv[j], len);
data/tardy-1.25/libtardy/roff.cc:573:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
roff_line = atol(argv[0]) - 1;
data/tardy-1.25/libtardy/roff.cc:597:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[1000];
data/tardy-1.25/libtardy/roff.cc:598:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1000];
data/tardy-1.25/libtardy/roff.cc:616:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
in -= atoi(argv[0] + 1);
data/tardy-1.25/libtardy/roff.cc:620:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
in += atoi(argv[0] + 1);
data/tardy-1.25/libtardy/roff.cc:624:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
in = atoi(argv[0] + 1);
data/tardy-1.25/libtardy/roff.cc:821:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dot_name[10];
data/tardy-1.25/libtardy/roff.cc:840:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[1000];
data/tardy-1.25/libtardy/roff.cc:842:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[20];
data/tardy-1.25/libtardy/tar/format.cc:114:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_buf, from_buf, from_len);
data/tardy-1.25/libtardy/tar/format.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMSIZ];
data/tardy-1.25/libtardy/tar/format.h:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/tardy-1.25/libtardy/tar/format.h:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/tardy-1.25/libtardy/tar/format.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/tardy-1.25/libtardy/tar/format.h:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[12];
data/tardy-1.25/libtardy/tar/format.h:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[12];
data/tardy-1.25/libtardy/tar/format.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chksum[8];
data/tardy-1.25/libtardy/tar/format.h:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[NAMSIZ];
data/tardy-1.25/libtardy/tar/format.h:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[8];
data/tardy-1.25/libtardy/tar/format.h:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[32];
data/tardy-1.25/libtardy/tar/format.h:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gname[32];
data/tardy-1.25/libtardy/tar/format.h:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devmajor[8];
data/tardy-1.25/libtardy/tar/format.h:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devminor[8];
data/tardy-1.25/libtardy/tar/input.cc:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/tardy-1.25/libtardy/tar/input.cc:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/tardy-1.25/libtardy/tar/input/ar/bsd.cc:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8];
data/tardy-1.25/libtardy/tar/input/ar/bsd.cc:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8];
data/tardy-1.25/libtardy/tar/input/ar/bsd.cc:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:74:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:109:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:133:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[18];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:104:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:127:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[26];
data/tardy-1.25/libtardy/tar/input/cpio/binary.cc:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/cpio/binary.cc:58:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[26];
data/tardy-1.25/libtardy/tar/input/cpio/binary.cc:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[26];
data/tardy-1.25/libtardy/tar/input/cpio/crc.cc:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[6];
data/tardy-1.25/libtardy/tar/input/cpio/crc.cc:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeof(cpio_header)];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:127:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ino[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:133:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:139:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlink[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:145:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:148:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:151:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:154:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:157:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:160:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:163:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.cc:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[6];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.cc:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeof(cpio_header)];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:116:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ino[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:119:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:122:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlink[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:131:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:134:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:140:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:143:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:146:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:149:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check[8];
data/tardy-1.25/libtardy/tar/input/cpio/old_ascii.cc:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[6];
data/tardy-1.25/libtardy/tar/input/cpio/old_ascii.cc:116:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[76];
data/tardy-1.25/libtardy/tar/input/filename.cc:124:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[2000];
data/tardy-1.25/libtardy/tar/input/filter/ar_long_names.cc:95:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/tardy-1.25/libtardy/tar/input/filter/exclude.cc:73:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[1024];
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:83:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buffered_data + buffered_data_pos, nbytes);
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buffered_data, data, len);
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:114:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:148:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffered_data + buffered_data_pos - len, data, len);
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:156:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:214:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic[sizeof(gz_magic)];
data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:468:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4];
data/tardy-1.25/libtardy/tar/input/tar.cc:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[TBLOCK];
data/tardy-1.25/libtardy/tar/input/tar/bsd.cc:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/tardy-1.25/libtardy/tar/input/tar/ustar.cc:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/tardy-1.25/libtardy/tar/output.cc:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/tardy-1.25/libtardy/tar/output/ar.cc:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[60];
data/tardy-1.25/libtardy/tar/output/ar.cc:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, temp, temp_len);
data/tardy-1.25/libtardy/tar/output/ar.cc:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[60];
data/tardy-1.25/libtardy/tar/output/ar.cc:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, temp, temp_len);
data/tardy-1.25/libtardy/tar/output/ar/bsd.cc:109:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/tardy-1.25/libtardy/tar/output/ar/bsd.cc:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, hdr.name.c_str(), name_size);
data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc:71:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc:107:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[18];
data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, hdr.name.c_str(), name_size);
data/tardy-1.25/libtardy/tar/output/ar/port5.cc:163:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[28];
data/tardy-1.25/libtardy/tar/output/ar/port5.cc:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, "<ar>", 4);
data/tardy-1.25/libtardy/tar/output/ar/port5.cc:169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 4, name.c_str(), name_size);
data/tardy-1.25/libtardy/tar/output/ar/port5.cc:218:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[36];
data/tardy-1.25/libtardy/tar/output/ar/port5.cc:222:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, hdr.name.c_str(), name_size);
data/tardy-1.25/libtardy/tar/output/ar/v7.cc:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/output/ar/v7.cc:109:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[26];
data/tardy-1.25/libtardy/tar/output/ar/v7.cc:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, hdr.name.c_str(), name_size);
data/tardy-1.25/libtardy/tar/output/cpio/binary.cc:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[26];
data/tardy-1.25/libtardy/tar/output/cpio/crc.cc:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[112];
data/tardy-1.25/libtardy/tar/output/cpio/newascii.cc:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[112];
data/tardy-1.25/libtardy/tar/output/cpio/oldascii.cc:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[78];
data/tardy-1.25/libtardy/tar/output/filter/gzip.cc:72:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/tardy-1.25/libtardy/tar/output/filter/gzip.cc:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tfn[sizeof(filename_template)];
data/tardy-1.25/libtardy/tar/output/tar.cc:51:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char padding[TBLOCK];
data/tardy-1.25/libtardy/tar/output/tar.cc:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[TBLOCK];
data/tardy-1.25/libtardy/tar/output/tar/bsd.cc:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[TBLOCK];
data/tardy-1.25/libtardy/tar/output/tar/posix.cc:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[TBLOCK];
data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[TBLOCK];
data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:80:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 508, "tar", 3);
data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:106:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 508, "tar", 3);
data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:147:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 508, "tar", 3);
data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block + 508, "tar", 3);
data/tardy-1.25/libtardy/tar/output/tar/v7.cc:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[TBLOCK];
data/tardy-1.25/libtardy/trace.cc:110:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[200];
data/tardy-1.25/libtardy/trace.cc:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/tardy-1.25/libtardy/ac/dirent.h:27:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NLENGTH(dirent) (strlen((dirent)->d_name))
data/tardy-1.25/libtardy/file/input.cc:73:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file_input::read(void *data, size_t data_size)
data/tardy-1.25/libtardy/file/input.cc:127:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(data, data_size);
data/tardy-1.25/libtardy/file/input.cc:143:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t n2 = read(dummy, n);
data/tardy-1.25/libtardy/file/input.h:76:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *data, size_t data_size);
data/tardy-1.25/libtardy/file/input/gunzip.cc:140:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t nbytes = deeper->read(buffer, sizeof(buffer));
data/tardy-1.25/libtardy/file/input/gunzip.cc:151:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t nbytes = deeper->read(buffer, sizeof(buffer));
data/tardy-1.25/libtardy/file/input/gunzip.cc:173:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.avail_in = deeper->read(buf, Z_BUFSIZE);
data/tardy-1.25/libtardy/file/input/gunzip.cc:311:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (deeper->read(buffer, sizeof(buffer)) != sizeof(buffer))
data/tardy-1.25/libtardy/file/input/gunzip.cc:357:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned nbytes = deeper->read(buffer, sizeof(buffer));
data/tardy-1.25/libtardy/file/input/position.cc:54:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t nbytes = deeper->read(data, data_size);
data/tardy-1.25/libtardy/filenamelist/file.cc:49:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
length = source->read(buffer, sizeof(buffer));
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *bp = buffer + strlen(buffer);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:125:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:128:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:130:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (::write(2, buffer, strlen(buffer)) < 0)
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:180:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:183:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:187:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:190:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:198:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:205:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:209:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (::write(2, buffer, strlen(buffer)) < 0)
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:228:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:232:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:240:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:244:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/tardy-1.25/libtardy/fstrcmp.cc:423:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fmemcmp(s1, strlen(s1), s2, strlen(s2));
data/tardy-1.25/libtardy/fstrcmp.cc:423:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fmemcmp(s1, strlen(s1), s2, strlen(s2));
data/tardy-1.25/libtardy/gmatch.cc:286:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return gmatch_inner(formal, formal_end, actual, actual + strlen(actual));
data/tardy-1.25/libtardy/gmatch.cc:297:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formal + strlen(formal),
data/tardy-1.25/libtardy/gmatch.cc:299:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
actual + strlen(actual)
data/tardy-1.25/libtardy/mprintf.cc:112:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp += strlen(fp);
data/tardy-1.25/libtardy/mprintf.cc:116:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp += strlen(fp);
data/tardy-1.25/libtardy/mprintf.cc:339:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(num);
data/tardy-1.25/libtardy/mprintf.cc:376:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(num);
data/tardy-1.25/libtardy/mprintf.cc:407:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(num);
data/tardy-1.25/libtardy/mprintf.cc:472:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(num);
data/tardy-1.25/libtardy/mprintf.cc:494:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(a);
data/tardy-1.25/libtardy/rcstring.cc:217:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return str_n_from_c(s, strlen(s));
data/tardy-1.25/libtardy/rcstring/accumulator.cc:124:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
push_back(s, strlen(s));
data/tardy-1.25/libtardy/rcstring/list.h:284:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const rcstring_list &arg) const;
data/tardy-1.25/libtardy/rcstring/list.h:397:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return lhs.equal(rhs);
data/tardy-1.25/libtardy/rcstring/list.h:413:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return !lhs.equal(rhs);
data/tardy-1.25/libtardy/rcstring/list/equal.cc:23:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
rcstring_list::equal(const rcstring_list &arg)
data/tardy-1.25/libtardy/rcstring/list/wl2str.cc:39:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t seplen = strlen(sep);
data/tardy-1.25/libtardy/roff.cc:302:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
emit_word(roff_file, strlen(roff_file));
data/tardy-1.25/libtardy/roff.cc:307:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
emit_word(line, strlen(line));
data/tardy-1.25/libtardy/roff.cc:508:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[j]);
data/tardy-1.25/libtardy/roff.cc:534:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(argv[j]);
data/tardy-1.25/libtardy/tar/input/ar.cc:69:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ifp->read(data, data_size);
data/tardy-1.25/libtardy/tar/input/cpio.cc:121:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ifp->read(data, data_size);
data/tardy-1.25/libtardy/tar/input/filename.cc:85:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = source->read(buffer, maxbytes);
data/tardy-1.25/libtardy/tar/input/tar.cc:88:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = fp->read(buffer, maximum_length);
data/tardy-1.25/libtardy/tar/output/ar.cc:104:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t temp_len = strlen(temp);
data/tardy-1.25/libtardy/tar/output/ar.cc:120:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t temp_len = strlen(temp);
data/tardy-1.25/libtardy/trace.cc:58:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp2 = cp1 + strlen(cp1);
data/tardy-1.25/libtardy/trace.cc:127:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = buffer + strlen(buffer);
data/tardy-1.25/libtardy/trace.cc:137:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp);
ANALYSIS SUMMARY:
Hits = 273
Lines analyzed = 32832 in approximately 0.67 seconds (48790 lines/second)
Physical Source Lines of Code (SLOC) = 16648
Hits@level = [0] 47 [1] 59 [2] 187 [3] 0 [4] 26 [5] 1
Hits@level+ = [0+] 320 [1+] 273 [2+] 214 [3+] 27 [4+] 27 [5+] 1
Hits/KSLOC@level+ = [0+] 19.2215 [1+] 16.3984 [2+] 12.8544 [3+] 1.62182 [4+] 1.62182 [5+] 0.0600673
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.