Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/tardy-1.25/libtardy/tar/input/filename.cc:126:17: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  readlink
data/tardy-1.25/libtardy/ac/stdio.cc:27:1: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(char *buffer, size_t, const char *fmt, va_list ap)
data/tardy-1.25/libtardy/ac/stdio.cc:29:12: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return vsprintf(buffer, fmt, ap);
data/tardy-1.25/libtardy/ac/stdio.cc:37:1: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(char *buffer, size_t bufsize, const char *fmt, ...)
data/tardy-1.25/libtardy/ac/stdio.cc:41:13: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int n = vsnprintf(buffer, bufsize, fmt, ap);
data/tardy-1.25/libtardy/file/input.cc:51:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/file/output.cc:61:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/main.h:33:53: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x, y) __attribute__((__format__(printf, x, y)))
data/tardy-1.25/libtardy/mprintf.cc:338:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/mprintf.cc:375:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/mprintf.cc:406:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/mprintf.cc:471:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(num, sizeof(num), fake, a);
data/tardy-1.25/libtardy/rcstring.h:182:21: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static rcstring printf(const char *fmt, ...) ATTR_PRINTF(1, 2);
data/tardy-1.25/libtardy/rcstring.h:195:21: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static rcstring vprintf(const char *fmt, va_list ap) ATTR_PRINTF(1, 0);
data/tardy-1.25/libtardy/rcstring/accumulator.h:188:10: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void printf(const char *fmt, ...) ATTR_PRINTF(2, 3);
data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc:25:23: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rcstring_accumulator::printf(const char *fmt, ...)
data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc:30:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(temp, sizeof(temp), fmt, ap);
data/tardy-1.25/libtardy/rcstring/printf.cc:24:11: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rcstring::printf(const char *fmt, ...)
data/tardy-1.25/libtardy/rcstring/printf.cc:28:21: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rcstring result(vprintf(fmt, ap));
data/tardy-1.25/libtardy/rcstring/printf.cc:35:11: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rcstring::vprintf(const char *fmt, va_list ap)
data/tardy-1.25/libtardy/roff.cc:296:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), s, ap);
data/tardy-1.25/libtardy/tar/input.cc:42:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/tar/input.cc:61:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/tar/output.cc:59:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/tardy-1.25/libtardy/trace.cc:126:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, explain_program_name_get());
data/tardy-1.25/libtardy/trace.cc:132:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cp, file_name->str_text);
data/tardy-1.25/libtardy/trace.cc:210:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), s, ap);
data/tardy-1.25/libtardy/ac/string.cc:57:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[16];
data/tardy-1.25/libtardy/arglex.cc:195:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char empty[1];
data/tardy-1.25/libtardy/endian.cc:86:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  union u { char c[2]; short s; } u;
data/tardy-1.25/libtardy/file/input.cc:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2000];
data/tardy-1.25/libtardy/file/input.cc:82:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, read_ahead_buffer + read_ahead_pos, nbytes);
data/tardy-1.25/libtardy/file/input.cc:111:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_buffer + new_pos, read_ahead_buffer + read_ahead_pos, sz);
data/tardy-1.25/libtardy/file/input.cc:119:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(read_ahead_buffer + read_ahead_pos, data, data_size);
data/tardy-1.25/libtardy/file/input.cc:139:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[512];
data/tardy-1.25/libtardy/file/input/factory.cc:42:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_input_gunzip::open
data/tardy-1.25/libtardy/file/input/gunzip.cc:94:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_input_gunzip::open(const file_input::pointer &deeper)
data/tardy-1.25/libtardy/file/input/gunzip.cc:139:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[4];
data/tardy-1.25/libtardy/file/input/gunzip.cc:150:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[2];
data/tardy-1.25/libtardy/file/input/gunzip.cc:287:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char gz_magic[2] = {0x1f, 0x8b}; // gzip magic header
data/tardy-1.25/libtardy/file/input/gunzip.cc:296:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[sizeof(gz_magic)];
data/tardy-1.25/libtardy/file/input/gunzip.cc:310:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[10];
data/tardy-1.25/libtardy/file/input/gunzip.cc:356:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/tardy-1.25/libtardy/file/input/gunzip.h:57:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  static pointer open(const file_input::pointer &deeper);
data/tardy-1.25/libtardy/file/output.cc:60:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[2000];
data/tardy-1.25/libtardy/file/output/buffer.cc:92:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer + pos, data, len);
data/tardy-1.25/libtardy/file/output/gzip.cc:33:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char gzip_magic[2] = { 0x1F, 0x8B }; // gzip magic header
data/tardy-1.25/libtardy/file/output/gzip.cc:80:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[4];
data/tardy-1.25/libtardy/file/output/gzip.cc:125:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char header[10];
data/tardy-1.25/libtardy/file/output/gzip.cc:126:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header, gzip_magic, sizeof(gzip_magic));
data/tardy-1.25/libtardy/file/output/hexdump.h:83:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[8 + 1 + 3 * 16 + 2 + 16 + 1];
data/tardy-1.25/libtardy/filenamelist/file.cc:88:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp2, temp, line_length);
data/tardy-1.25/libtardy/filenamelist/file.h:87:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:60:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[10];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:120:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[80];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:121:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buffer, "\rReading file list: ");
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:138:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[20];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:174:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[80];
data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80];
data/tardy-1.25/libtardy/mprintf.cc:335:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:337:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:343:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:372:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:374:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:380:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:403:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:405:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:411:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:468:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake[QUANTUM - 1];
data/tardy-1.25/libtardy/mprintf.cc:470:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char num[MAX_WIDTH + 1];
data/tardy-1.25/libtardy/mprintf.cc:476:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(tmp + length, num, len);
data/tardy-1.25/libtardy/mprintf.cc:513:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + length, a, prec);
data/tardy-1.25/libtardy/mprintf.cc:553:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + length, a->str_text, prec);
data/tardy-1.25/libtardy/rcstring.cc:274:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->str_text, s, length);
data/tardy-1.25/libtardy/rcstring.cc:404:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, s1->str_text, s1->str_length);
data/tardy-1.25/libtardy/rcstring.cc:405:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + s1->str_length, s2->str_text, s2->str_length);
data/tardy-1.25/libtardy/rcstring.cc:446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, s1->str_text, s1->str_length);
data/tardy-1.25/libtardy/rcstring.cc:447:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + s1->str_length, s2->str_text, s2->str_length);
data/tardy-1.25/libtardy/rcstring.cc:448:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy
data/tardy-1.25/libtardy/rcstring.h:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_text[1];
data/tardy-1.25/libtardy/rcstring/accumulator.cc:78:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_buffer, buffer, length);
data/tardy-1.25/libtardy/rcstring/accumulator.cc:111:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_buffer, buffer, length);
data/tardy-1.25/libtardy/rcstring/accumulator.cc:116:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + length, cp, n);
data/tardy-1.25/libtardy/rcstring/accumulator/printf.cc:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1 << 11];
data/tardy-1.25/libtardy/roff.cc:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:305:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[20];
data/tardy-1.25/libtardy/roff.cc:393:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[4];
data/tardy-1.25/libtardy/roff.cc:483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:511:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bp, argv[j], len);
data/tardy-1.25/libtardy/roff.cc:521:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:530:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1000];
data/tardy-1.25/libtardy/roff.cc:537:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(bp, argv[j], len);
data/tardy-1.25/libtardy/roff.cc:573:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). roff_line = atol(argv[0]) - 1;
data/tardy-1.25/libtardy/roff.cc:597:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[1000];
data/tardy-1.25/libtardy/roff.cc:598:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[1000];
data/tardy-1.25/libtardy/roff.cc:616:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). in -= atoi(argv[0] + 1);
data/tardy-1.25/libtardy/roff.cc:620:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). in += atoi(argv[0] + 1);
data/tardy-1.25/libtardy/roff.cc:624:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). in = atoi(argv[0] + 1);
data/tardy-1.25/libtardy/roff.cc:821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dot_name[10];
data/tardy-1.25/libtardy/roff.cc:840:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1000];
data/tardy-1.25/libtardy/roff.cc:842:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[20];
data/tardy-1.25/libtardy/tar/format.cc:114:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to_buf, from_buf, from_len);
data/tardy-1.25/libtardy/tar/format.h:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMSIZ];
data/tardy-1.25/libtardy/tar/format.h:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[8];
data/tardy-1.25/libtardy/tar/format.h:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid[8];
data/tardy-1.25/libtardy/tar/format.h:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gid[8];
data/tardy-1.25/libtardy/tar/format.h:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[12];
data/tardy-1.25/libtardy/tar/format.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtime[12];
data/tardy-1.25/libtardy/tar/format.h:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chksum[8];
data/tardy-1.25/libtardy/tar/format.h:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkname[NAMSIZ];
data/tardy-1.25/libtardy/tar/format.h:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[8];
data/tardy-1.25/libtardy/tar/format.h:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uname[32];
data/tardy-1.25/libtardy/tar/format.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gname[32];
data/tardy-1.25/libtardy/tar/format.h:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devmajor[8];
data/tardy-1.25/libtardy/tar/format.h:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devminor[8];
data/tardy-1.25/libtardy/tar/input.cc:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2000];
data/tardy-1.25/libtardy/tar/input.cc:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2000];
data/tardy-1.25/libtardy/tar/input/ar/bsd.cc:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8];
data/tardy-1.25/libtardy/tar/input/ar/bsd.cc:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8];
data/tardy-1.25/libtardy/tar/input/ar/bsd.cc:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[60];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:74:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:109:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/pdp11.cc:133:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[18];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:104:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/ar/v7.cc:127:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[26];
data/tardy-1.25/libtardy/tar/input/cpio/binary.cc:33:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2];
data/tardy-1.25/libtardy/tar/input/cpio/binary.cc:58:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[26];
data/tardy-1.25/libtardy/tar/input/cpio/binary.cc:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[26];
data/tardy-1.25/libtardy/tar/input/cpio/crc.cc:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[6];
data/tardy-1.25/libtardy/tar/input/cpio/crc.cc:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(cpio_header)];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:124:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[6];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:127:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ino[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:130:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:133:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:136:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gid[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:139:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nlink[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtime[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:145:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:148:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:151:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char devminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:154:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdevmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:157:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdevminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:160:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/crc.h:163:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.cc:56:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[6];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.cc:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(cpio_header)];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:113:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[6];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:116:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ino[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:119:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:122:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:125:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char gid[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:128:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nlink[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:131:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtime[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:134:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filesize[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:137:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devmajor[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:140:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devminor[8];
data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:143:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdevmajor[8]; data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:146:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdevminor[8]; data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:149:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namesize[8]; data/tardy-1.25/libtardy/tar/input/cpio/new_ascii.h:152:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check[8]; data/tardy-1.25/libtardy/tar/input/cpio/old_ascii.cc:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[6]; data/tardy-1.25/libtardy/tar/input/cpio/old_ascii.cc:116:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buffer[76]; data/tardy-1.25/libtardy/tar/input/filename.cc:124:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkname[2000]; data/tardy-1.25/libtardy/tar/input/filter/ar_long_names.cc:95:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/tardy-1.25/libtardy/tar/input/filter/exclude.cc:73:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[1024]; data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:83:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buffered_data + buffered_data_pos, nbytes); data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_buffered_data, data, len); data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:114:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:148:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(buffered_data + buffered_data_pos - len, data, len); data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:156:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[4]; data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:214:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char magic[sizeof(gz_magic)]; data/tardy-1.25/libtardy/tar/input/filter/gunzip.cc:468:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[4]; data/tardy-1.25/libtardy/tar/input/tar.cc:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block[TBLOCK]; data/tardy-1.25/libtardy/tar/input/tar/bsd.cc:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512]; data/tardy-1.25/libtardy/tar/input/tar/ustar.cc:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/tardy-1.25/libtardy/tar/output.cc:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2000]; data/tardy-1.25/libtardy/tar/output/ar.cc:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[60]; data/tardy-1.25/libtardy/tar/output/ar.cc:110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, temp, temp_len); data/tardy-1.25/libtardy/tar/output/ar.cc:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[60]; data/tardy-1.25/libtardy/tar/output/ar.cc:126:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, temp, temp_len); data/tardy-1.25/libtardy/tar/output/ar/bsd.cc:109:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[60]; data/tardy-1.25/libtardy/tar/output/ar/bsd.cc:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, hdr.name.c_str(), name_size); data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2]; data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc:107:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[18]; data/tardy-1.25/libtardy/tar/output/ar/pdp11.cc:111:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, hdr.name.c_str(), name_size); data/tardy-1.25/libtardy/tar/output/ar/port5.cc:163:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[28]; data/tardy-1.25/libtardy/tar/output/ar/port5.cc:164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffer, "<ar>", 4); data/tardy-1.25/libtardy/tar/output/ar/port5.cc:169:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 4, name.c_str(), name_size); data/tardy-1.25/libtardy/tar/output/ar/port5.cc:218:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[36]; data/tardy-1.25/libtardy/tar/output/ar/port5.cc:222:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, hdr.name.c_str(), name_size); data/tardy-1.25/libtardy/tar/output/ar/v7.cc:68:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2]; data/tardy-1.25/libtardy/tar/output/ar/v7.cc:109:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[26]; data/tardy-1.25/libtardy/tar/output/ar/v7.cc:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffer, hdr.name.c_str(), name_size); data/tardy-1.25/libtardy/tar/output/cpio/binary.cc:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[26]; data/tardy-1.25/libtardy/tar/output/cpio/crc.cc:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[112]; data/tardy-1.25/libtardy/tar/output/cpio/newascii.cc:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[112]; data/tardy-1.25/libtardy/tar/output/cpio/oldascii.cc:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[78]; data/tardy-1.25/libtardy/tar/output/filter/gzip.cc:72:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[4]; data/tardy-1.25/libtardy/tar/output/filter/gzip.cc:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tfn[sizeof(filename_template)]; data/tardy-1.25/libtardy/tar/output/tar.cc:51:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char padding[TBLOCK]; data/tardy-1.25/libtardy/tar/output/tar.cc:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TBLOCK]; data/tardy-1.25/libtardy/tar/output/tar/bsd.cc:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block[TBLOCK]; data/tardy-1.25/libtardy/tar/output/tar/posix.cc:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block[TBLOCK]; data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char block[TBLOCK]; data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:80:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block + 508, "tar", 3); data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:106:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block + 508, "tar", 3); data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:147:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block + 508, "tar", 3); data/tardy-1.25/libtardy/tar/output/tar/ustar.cc:177:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block + 508, "tar", 3); data/tardy-1.25/libtardy/tar/output/tar/v7.cc:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block[TBLOCK]; data/tardy-1.25/libtardy/trace.cc:110:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[200]; data/tardy-1.25/libtardy/trace.cc:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[2000]; data/tardy-1.25/libtardy/ac/dirent.h:27:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define NLENGTH(dirent) (strlen((dirent)->d_name)) data/tardy-1.25/libtardy/file/input.cc:73:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file_input::read(void *data, size_t data_size) data/tardy-1.25/libtardy/file/input.cc:127:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int nbytes = read(data, data_size); data/tardy-1.25/libtardy/file/input.cc:143:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t n2 = read(dummy, n); data/tardy-1.25/libtardy/file/input.h:76:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(void *data, size_t data_size); data/tardy-1.25/libtardy/file/input/gunzip.cc:140:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t nbytes = deeper->read(buffer, sizeof(buffer)); data/tardy-1.25/libtardy/file/input/gunzip.cc:151:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t nbytes = deeper->read(buffer, sizeof(buffer)); data/tardy-1.25/libtardy/file/input/gunzip.cc:173:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stream.avail_in = deeper->read(buf, Z_BUFSIZE); data/tardy-1.25/libtardy/file/input/gunzip.cc:311:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (deeper->read(buffer, sizeof(buffer)) != sizeof(buffer)) data/tardy-1.25/libtardy/file/input/gunzip.cc:357:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned nbytes = deeper->read(buffer, sizeof(buffer)); data/tardy-1.25/libtardy/file/input/position.cc:54:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t nbytes = deeper->read(data, data_size); data/tardy-1.25/libtardy/filenamelist/file.cc:49:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). length = source->read(buffer, sizeof(buffer)); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:122:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *bp = buffer + strlen(buffer); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:125:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:128:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:130:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (::write(2, buffer, strlen(buffer)) < 0) data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:180:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:183:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:187:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:190:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:198:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:205:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:209:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (::write(2, buffer, strlen(buffer)) < 0) data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:228:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:232:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:240:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/filenamelist/filter/progress.cc:244:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp += strlen(bp); data/tardy-1.25/libtardy/fstrcmp.cc:423:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fmemcmp(s1, strlen(s1), s2, strlen(s2)); data/tardy-1.25/libtardy/fstrcmp.cc:423:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return fmemcmp(s1, strlen(s1), s2, strlen(s2)); data/tardy-1.25/libtardy/gmatch.cc:286:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return gmatch_inner(formal, formal_end, actual, actual + strlen(actual)); data/tardy-1.25/libtardy/gmatch.cc:297:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). formal + strlen(formal), data/tardy-1.25/libtardy/gmatch.cc:299:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
actual + strlen(actual) data/tardy-1.25/libtardy/mprintf.cc:112:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fp += strlen(fp); data/tardy-1.25/libtardy/mprintf.cc:116:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fp += strlen(fp); data/tardy-1.25/libtardy/mprintf.cc:339:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(num); data/tardy-1.25/libtardy/mprintf.cc:376:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(num); data/tardy-1.25/libtardy/mprintf.cc:407:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(num); data/tardy-1.25/libtardy/mprintf.cc:472:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(num); data/tardy-1.25/libtardy/mprintf.cc:494:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(a); data/tardy-1.25/libtardy/rcstring.cc:217:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return str_n_from_c(s, strlen(s)); data/tardy-1.25/libtardy/rcstring/accumulator.cc:124:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). push_back(s, strlen(s)); data/tardy-1.25/libtardy/rcstring/list.h:284:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal(const rcstring_list &arg) const; data/tardy-1.25/libtardy/rcstring/list.h:397:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return lhs.equal(rhs); data/tardy-1.25/libtardy/rcstring/list.h:413:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !lhs.equal(rhs); data/tardy-1.25/libtardy/rcstring/list/equal.cc:23:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
rcstring_list::equal(const rcstring_list &arg) data/tardy-1.25/libtardy/rcstring/list/wl2str.cc:39:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t seplen = strlen(sep); data/tardy-1.25/libtardy/roff.cc:302:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). emit_word(roff_file, strlen(roff_file)); data/tardy-1.25/libtardy/roff.cc:307:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). emit_word(line, strlen(line)); data/tardy-1.25/libtardy/roff.cc:508:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(argv[j]); data/tardy-1.25/libtardy/roff.cc:534:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(argv[j]); data/tardy-1.25/libtardy/tar/input/ar.cc:69:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ifp->read(data, data_size); data/tardy-1.25/libtardy/tar/input/cpio.cc:121:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ifp->read(data, data_size); data/tardy-1.25/libtardy/tar/input/filename.cc:85:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int nbytes = source->read(buffer, maxbytes); data/tardy-1.25/libtardy/tar/input/tar.cc:88:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int nbytes = fp->read(buffer, maximum_length); data/tardy-1.25/libtardy/tar/output/ar.cc:104:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t temp_len = strlen(temp); data/tardy-1.25/libtardy/tar/output/ar.cc:120:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t temp_len = strlen(temp); data/tardy-1.25/libtardy/trace.cc:58:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp2 = cp1 + strlen(cp1); data/tardy-1.25/libtardy/trace.cc:127:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = buffer + strlen(buffer); data/tardy-1.25/libtardy/trace.cc:137:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp);

ANALYSIS SUMMARY:

Hits = 273
Lines analyzed = 32832 in approximately 0.67 seconds (48790 lines/second)
Physical Source Lines of Code (SLOC) = 16648
Hits@level = [0] 47 [1] 59 [2] 187 [3] 0 [4] 26 [5] 1
Hits@level+ = [0+] 320 [1+] 273 [2+] 214 [3+] 27 [4+] 27 [5+] 1
Hits/KSLOC@level+ = [0+] 19.2215 [1+] 16.3984 [2+] 12.8544 [3+] 1.62182 [4+] 1.62182 [5+] 0.0600673
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.