Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tboot-1.9.12+hg20200718/include/config.h
Examining data/tboot-1.9.12+hg20200718/include/elf_defns.h
Examining data/tboot-1.9.12+hg20200718/include/hash.h
Examining data/tboot-1.9.12+hg20200718/include/lcp.h
Examining data/tboot-1.9.12+hg20200718/include/lcp2.h
Examining data/tboot-1.9.12+hg20200718/include/lcp3.h
Examining data/tboot-1.9.12+hg20200718/include/lcp3_hlp.h
Examining data/tboot-1.9.12+hg20200718/include/lcp_hlp.h
Examining data/tboot-1.9.12+hg20200718/include/mle.h
Examining data/tboot-1.9.12+hg20200718/include/tb_error.h
Examining data/tboot-1.9.12+hg20200718/include/tb_policy.h
Examining data/tboot-1.9.12+hg20200718/include/tboot.h
Examining data/tboot-1.9.12+hg20200718/include/uuid.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/crtpolelt.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/custom_elt.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/hash.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/mle_elt.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/mle_elt_legacy.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pconf2_elt.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pconf_legacy.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pol.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pol.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/poldata.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/poldata.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/polelt.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/polelt.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/polelt_plugin.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pollist1.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pollist1.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.h
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/sbios_elt.c
Examining data/tboot-1.9.12+hg20200718/lcptools-v2/stm_elt.c
Examining data/tboot-1.9.12+hg20200718/lcptools/defindex.c
Examining data/tboot-1.9.12+hg20200718/lcptools/getcap.c
Examining data/tboot-1.9.12+hg20200718/lcptools/lcptools.c
Examining data/tboot-1.9.12+hg20200718/lcptools/lcptools.h
Examining data/tboot-1.9.12+hg20200718/lcptools/lcputils.c
Examining data/tboot-1.9.12+hg20200718/lcptools/lcputils.h
Examining data/tboot-1.9.12+hg20200718/lcptools/lock.c
Examining data/tboot-1.9.12+hg20200718/lcptools/readpol.c
Examining data/tboot-1.9.12+hg20200718/lcptools/relindex.c
Examining data/tboot-1.9.12+hg20200718/lcptools/writepol.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/include/safe_lib.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/include/safe_lib_errno.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/include/safe_mem_lib.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/include/safe_str_lib.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/include/safe_types.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/include/snprintf_s.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/abort_handler_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/ignore_handler_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/mem_primitives_lib.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/mem_primitives_lib.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memcmp16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memcmp32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memcmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memcpy16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memcpy32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memmove16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memmove32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memmove_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memset16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memset32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memset_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memzero16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memzero32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/memzero_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safe_mem_constraint.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safe_mem_constraint.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safe_str_constraint.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safe_str_constraint.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safeclib_private.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/stpcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/stpncpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcasecmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcasestr_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcmpfld_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcpyfld_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcpyfldin_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcpyfldout_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strcspn_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strfirstchar_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strfirstdiff_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strfirstsame_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strisalphanumeric_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strisascii_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strisdigit_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strishex_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strislowercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strismixedcase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strispassword_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strisuppercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strlastchar_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strlastdiff_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strlastsame_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strljustify_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strncat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strncpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strnlen_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strnterminate_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strpbrk_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strprefix_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strremovews_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strspn_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strstr_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strtok_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strtolowercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strtouppercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/strzero_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wcpcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wcscat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wcscpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wcsncat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wcsncpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wcsnlen_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wmemcmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wmemcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wmemmove_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/safeclib/wmemset_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/Safe_String_UnitTestMain.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memcmp16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memcmp32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memcmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memcpy16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memcpy32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memmove16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memmove32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memmove_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memset16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memset32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memset_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memzero16_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memzero32_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_memzero_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_private.h
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnlen_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strzero_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcpcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcscat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcscpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsncat_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsncpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsnlen_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemcmp_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemcpy_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemmove_s.c
Examining data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemset_s.c
Examining data/tboot-1.9.12+hg20200718/tb_polgen/commands.c
Examining data/tboot-1.9.12+hg20200718/tb_polgen/hash.c
Examining data/tboot-1.9.12+hg20200718/tb_polgen/param.c
Examining data/tboot-1.9.12+hg20200718/tb_polgen/policy.c
Examining data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.c
Examining data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h
Examining data/tboot-1.9.12+hg20200718/tboot/common/acpi.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/cmdline.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/com.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/e820.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/efi_memmap.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/elf.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/hash.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/index.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/integrity.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/linux.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/loader.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/lz.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/memcmp.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/memcpy.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/misc.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/paging.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/pci_cfgreg.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/policy.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/printk.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/rijndael.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/sha1.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/sha256.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/sha384.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/sha512.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/strcmp.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/strlen.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/strncmp.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/strncpy.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/strtoul.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/tb_error.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/tboot.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/tpm.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/tpm_12.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/tpm_20.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/vga.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/vmac.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c
Examining data/tboot-1.9.12+hg20200718/tboot/common/vtd.c
Examining data/tboot-1.9.12+hg20200718/tboot/include/acpi.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/atomic.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/cmdline.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/com.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/compiler.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/ctype.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/e820.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/efi_memmap.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/integrity.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/io.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/linux_defns.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/loader.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/lz.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/misc.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/msr.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/multiboot.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/mutex.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/page.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/paging.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/pci_cfgreg.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/printk.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/processor.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/rijndael.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/sha1.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/sha2.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/string.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/tpm.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/tpm_20.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/acmod.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/config_regs.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/errorcode.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/heap.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/mtrrs.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/smx.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/txt.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/verify.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/txt/vmcs.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/types.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/vga.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/vmac.h
Examining data/tboot-1.9.12+hg20200718/tboot/include/vtd.h
Examining data/tboot-1.9.12+hg20200718/tboot/txt/acmod.c
Examining data/tboot-1.9.12+hg20200718/tboot/txt/errors.c
Examining data/tboot-1.9.12+hg20200718/tboot/txt/heap.c
Examining data/tboot-1.9.12+hg20200718/tboot/txt/mtrrs.c
Examining data/tboot-1.9.12+hg20200718/tboot/txt/txt.c
Examining data/tboot-1.9.12+hg20200718/tboot/txt/verify.c
Examining data/tboot-1.9.12+hg20200718/tboot/txt/vmcs.c
Examining data/tboot-1.9.12+hg20200718/txt-test/txt-test.c
Examining data/tboot-1.9.12+hg20200718/utils/txt-acminfo.c
Examining data/tboot-1.9.12+hg20200718/utils/txt-parse_err.c
Examining data/tboot-1.9.12+hg20200718/utils/txt-stat.c
FINAL RESULTS:
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:51:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpolelt.c:46:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:55:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/custom_elt.c:46:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/hash.c:45:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:55:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:71:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:81:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:91:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tboot-1.9.12+hg20200718/lcptools-v2/mle_elt.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/mle_elt_legacy.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:47:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:250:42: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define log_info(fmt, ...) verbose ? printf(fmt, ##__VA_ARGS__) : 0
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf2_elt.c:39:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf_legacy.c:47:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/pol.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/poldata.c:43:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/polelt.c:43:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist1.c:43:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:48:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.c:43:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/sbios_elt.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools-v2/stm_elt.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/defindex.c:47:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/getcap.c:49:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/lcptools.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/lcputils.c:48:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/lcputils.h:37:38: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define log_message(dest, fmt, ...) fprintf(dest, fmt, ## __VA_ARGS__)
data/tboot-1.9.12+hg20200718/lcptools/lock.c:47:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/readpol.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/relindex.c:47:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/lcptools/writepol.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safeclib_private.h:79:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define slprintf(...) fprintf(stderr, __VA_ARGS__)
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/safeclib_private.h:82:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define sldebug_printf(...) printf(__VA_ARGS__)
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:244:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(dest, dmax, format, a);
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:269:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(dest, dmax, format, a);
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:300:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(dest, dmax, format, s, a);
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:331:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return snprintf(dest, dmax, format, s, a);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_private.h:42:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(...) printk(KERN_INFO __VA_ARGS__)
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_private.h:55:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug_printf printf
data/tboot-1.9.12+hg20200718/tb_polgen/commands.c:44:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/tb_polgen/hash.c:43:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/tb_polgen/param.c:45:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/tb_polgen/policy.c:43:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.c:41:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINT printf
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h:41:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define error_msg(fmt, ...) fprintf(stderr, fmt, ##__VA_ARGS__)
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h:42:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define info_msg(fmt, ...) if (verbose) printf(fmt , ##__VA_ARGS__)
data/tboot-1.9.12+hg20200718/tboot/include/printk.h:65:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/tboot-1.9.12+hg20200718/txt-test/txt-test.c:135:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int access;
data/tboot-1.9.12+hg20200718/txt-test/txt-test.c:151:71: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printk(KERN_ALERT "TPM: Locality %d access = %x\n", locality, access);
data/tboot-1.9.12+hg20200718/utils/txt-acminfo.c:50:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printk printf
data/tboot-1.9.12+hg20200718/utils/txt-parse_err.c:47:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printk printf
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:52:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printk printf
data/tboot-1.9.12+hg20200718/lcptools/getcap.c:90:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt(argc, (char ** const)argv, short_option)) != -1))
data/tboot-1.9.12+hg20200718/lcptools/lock.c:72:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt(argc, (char ** const)argv, short_option)) != -1))
data/tboot-1.9.12+hg20200718/lcptools/readpol.c:90:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt(argc, (char ** const)argv, short_option)) != -1))
data/tboot-1.9.12+hg20200718/lcptools/relindex.c:87:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt(argc,(char ** const)argv, short_option)) != -1))
data/tboot-1.9.12+hg20200718/lcptools/writepol.c:92:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt(argc, (char ** const)argv, short_option)) != -1))
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:321:18: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( (c = getopt_long(argc, (char **const)argv,
data/tboot-1.9.12+hg20200718/include/elf_defns.h:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[16];
data/tboot-1.9.12+hg20200718/include/elf_defns.h:59:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[16]; /* ELF identification */
data/tboot-1.9.12+hg20200718/include/lcp2.h:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_signature[LCP_FILE_SIG_LENGTH];
data/tboot-1.9.12+hg20200718/include/lcp3.h:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_signature[LCP_FILE_SIG_LENGTH];
data/tboot-1.9.12+hg20200718/include/lcp3.h:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_signature[32];
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char policy_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:135:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char poldata_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:137:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcp_alg_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:138:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aux_alg_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:139:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sign_alg_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:140:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pol_ver_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:141:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcp_hash_mask_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:146:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpol.c:154:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char files[LCP_MAX_LISTS][MAX_PATH];
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpolelt.c:59:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char help[MAX_HELP_TEXT] =
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpolelt.c:133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:154:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pollist_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:155:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sigalg_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:157:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pubkey_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:158:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char privkey_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:159:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sig_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:163:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char files[MAX_FILES][MAX_PATH];
data/tboot-1.9.12+hg20200718/lcptools-v2/crtpollist.c:164:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hash_alg_name[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/hash.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char byte[3] = {0, 0, 0};
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:138:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file, "rb");
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:181:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file, "wb");
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:247:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:253:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[1024];
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:276:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:894:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(privkey_file, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.c:1030:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(key_path, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.h:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list_file[MAX_PATH];
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.h:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pubkey_file[MAX_PATH];
data/tboot-1.9.12+hg20200718/lcptools-v2/lcputils.h:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char privkey_file[MAX_PATH];
data/tboot-1.9.12+hg20200718/lcptools-v2/mle_elt.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char alg_name[32] = "sha1";
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char help[MAX_HELP_TEXT] =
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_name[32] = "sha1";
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuffer[1024];
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:300:21: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fdecompressed = tmpfile();
data/tboot-1.9.12+hg20200718/lcptools-v2/mlehash.c:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mle_file[MAX_PATH] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf2_elt.c:174:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pcr_comp[iter_b * pcr_alg_size],
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf2_elt.c:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tpm_quote, tpml_select, tpml_select_size);
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf2_elt.c:212:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tpm_quote + tpml_select_size, pcr_digest, pcr_digest_size);
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf2_elt.c:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix_nested[80];
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf_legacy.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcr_info_files[MAX_FILES][MAX_PATH];
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf_legacy.c:105:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf_legacy.c:149:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this_pcr.num = atoi(token);
data/tboot-1.9.12+hg20200718/lcptools-v2/pconf_legacy.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[new_prefix_len];
data/tboot-1.9.12+hg20200718/lcptools-v2/pol.c:191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32] = "";
data/tboot-1.9.12+hg20200718/lcptools-v2/poldata.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/polelt.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist1.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist1.c:362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:323:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:612:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:634:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[strnlen_s(prefix, 20)+8];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:818:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:862:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[keysize];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2.c:898:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(pubkey_file, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.c:444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[new_prefix_size];
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.c:1001:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_prefix[new_prefix_len]; //To make digests indented.
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.c:1545:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/pollist2_1.c:1768:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(pubkey_file, "r");
data/tboot-1.9.12+hg20200718/lcptools-v2/sbios_elt.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char alg_name[32] = "sha1";
data/tboot-1.9.12+hg20200718/lcptools-v2/stm_elt.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char alg_name[32] = "sha1";
data/tboot-1.9.12+hg20200718/lcptools/defindex.c:196:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rd_pcrcom[26] = {0};
data/tboot-1.9.12+hg20200718/lcptools/defindex.c:198:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wrt_pcrcom[26] = {0};
data/tboot-1.9.12+hg20200718/lcptools/getcap.c:179:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUFFER_SIZE], *pbuf;
data/tboot-1.9.12+hg20200718/lcptools/getcap.c:269:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUFFER_SIZE];
data/tboot-1.9.12+hg20200718/lcptools/getcap.c:342:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[BUFFER_SIZE];
data/tboot-1.9.12+hg20200718/lcptools/lcptools.c:508:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hpcrhash[SHA1_HASH_LEN];
data/tboot-1.9.12+hg20200718/lcptools/lcptools.c:803:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char policylist[MAX_POLICY_LIST_SIZE];
data/tboot-1.9.12+hg20200718/lcptools/lcptools.c:860:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char polhash[SHA1_HASH_LEN] = { 0 };
data/tboot-1.9.12+hg20200718/lcptools/lcptools.c:862:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hashval[SHA1_HASH_LEN];
data/tboot-1.9.12+hg20200718/lcptools/lcputils.c:536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32] = "";
data/tboot-1.9.12+hg20200718/lcptools/readpol.c:184:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char policy_data[BUFFER_SIZE];
data/tboot-1.9.12+hg20200718/lcptools/readpol.c:233:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p_file = fopen(file, "wb");
data/tboot-1.9.12+hg20200718/lcptools/writepol.c:188:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p_file = fopen(file, "rb");
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pformatList[MAX_FORMAT_ELEMENTS];
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pformatList[MAX_FORMAT_ELEMENTS];
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pformatList[MAX_FORMAT_ELEMENTS];
data/tboot-1.9.12+hg20200718/safestringlib/safeclib/snprintf_support.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pformatList[MAX_FORMAT_ELEMENTS];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/Safe_String_UnitTestMain.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[128];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/Safe_String_UnitTestMain.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[128];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:78:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:79:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:138:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:170:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:189:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:208:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:241:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:279:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:312:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str2[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:334:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str2[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:358:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:359:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:383:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:384:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:405:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:406:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:427:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:428:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:451:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "qq12345weqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpcpy_s.c:452:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:148:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:180:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:200:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:220:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:253:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:291:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:324:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str2[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:346:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str2[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:372:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "xxxxxxxxxx");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:373:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "abcde");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:406:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "xxxxxxxxxxxxxxxxxxxx");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:407:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "abcde");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:447:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "xxxxxxxxxx");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:448:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "abcde");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:481:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "xxxxxxxxxx");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:482:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "abcde");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:515:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:516:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:538:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:539:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:561:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:562:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:586:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qq12345weqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_stpncpy_s.c:587:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP IT SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:123:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP IT SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:124:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:139:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP IT SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:140:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:155:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP IT SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:156:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:177:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:178:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keeP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:193:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:208:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP it simplified");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:209:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:224:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP 1234567890");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasecmp_s.c:225:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:145:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "key");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:171:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:199:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:200:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "kee");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:216:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:217:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "eep it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:233:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:234:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "ethe");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:250:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:251:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "er");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:281:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:282:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "er");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:312:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:313:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:328:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:329:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:344:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:345:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:360:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:361:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:376:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:377:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:393:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:394:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "IT ALL");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:409:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:410:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "EEP");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:59:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:60:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:75:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:76:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "aaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:92:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str2[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:113:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:129:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:145:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:179:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:195:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:196:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:212:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:213:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:223:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:224:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:240:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "12345678901234567890");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:255:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:270:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "123");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:271:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:287:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:288:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "56789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:107:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:124:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:125:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:148:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keeP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:169:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:191:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simplified");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:192:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmp_s.c:215:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simplified");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:70:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:71:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:89:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:90:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:169:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:174:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:193:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:197:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:215:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:220:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:33:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:74:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:99:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str1[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&str2[0], "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:167:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:168:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:185:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:186:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:201:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:202:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:217:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:218:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:235:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qq12345weqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpy_s.c:236:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:35:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:95:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:98:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:120:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:139:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:142:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:161:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:164:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:183:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:187:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:68:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:69:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:89:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:90:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:108:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:166:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple for best results ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:185:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple for best results ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:204:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:207:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "KEEP IT SIMPLE PLEASE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:224:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "always keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:227:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:88:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:89:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:110:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:129:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:130:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "01234567890123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:169:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple for best results");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:188:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple for best results ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:207:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:210:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "aaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:228:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "always keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:231:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:155:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:156:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:174:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:175:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:193:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:194:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:213:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:232:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:233:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "ABCDEF");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:251:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:252:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:271:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:272:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "notincluded");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:291:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcspn_s.c:292:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "1234567890");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c:86:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEEp it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c:116:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simpleZ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c:132:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simpleZZ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEeP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keEp IT simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:149:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:164:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:165:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:180:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simplE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:181:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:196:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simplE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:197:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:212:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simplE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstdiff_s.c:213:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEEP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:149:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP_IT_SIMPLe");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:165:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:166:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP_IT_SIMPLe");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:181:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:197:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:198:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:213:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP_IT_SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:229:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstsame_s.c:230:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP_IT_SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:61:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:93:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "NowISTHETimE4us");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:104:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "qq21ego");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "!@#$%^&*(){}[]:;\"'?/.>,<");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:59:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "NowISTHETimE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "qq21ego");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:112:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "12");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "1abcd");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "abcd");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:67:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "123456789");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:89:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "12");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:100:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "1Af");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:111:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "FF");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:122:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "1abzd");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:69:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "qqWe go");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "AaBbCcDdEeFf");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "NowISTHETimE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "qq21ego");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:62:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "Test4You*123");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:73:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "Test4You*");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:84:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "Test4You*Test4You*Test4You*");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:95:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "Eest!22/");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:106:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "pa$$W0rD");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "Test");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABCDEFGHIGHIJ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:69:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABCDEFGHIGHIJ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "qqWe go");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "!@#$%^&*()");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c:86:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simplezz");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c:116:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c:131:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEEp it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastchar_s.c:146:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEep it Simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep iT simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:103:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:119:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it siMple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:135:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keEp it Simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:165:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:166:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:181:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastdiff_s.c:182:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simplE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep_IT_SIMPLISTIC");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kEEP_IT_SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simplistic");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "kkEEP_IT_SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "kkeep it simplistic");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:149:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:150:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keeP_IT_SIMPLe");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:165:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:181:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:182:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:197:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "KEEP it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:198:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "Keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:213:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP_IT_SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:229:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strlastsame_s.c:230:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "KEEP_IT_SIMPLE");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:61:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:79:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABC");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABC");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:152:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " B ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:170:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " B ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:188:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " C ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:206:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " NowISTHETimE ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:224:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " qq21ego ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:236:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " 1234 ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:13:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:63:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:64:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:79:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:129:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "good");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:148:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bye");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:165:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "hello");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:182:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "hello");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:198:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "abc");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:16:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dest[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:35:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:69:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:86:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:87:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:98:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:132:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:148:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:166:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:185:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:186:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:205:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:206:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:221:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qqweqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:222:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:238:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, " ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:239:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "hello");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:257:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, " ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:258:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "goodbye");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:269:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, " ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:270:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "goodbye");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:287:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, " ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:288:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "good");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:306:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "qq12345weqeqeqeq");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncpy_s.c:307:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:34:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"test");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:44:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"test");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:54:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"ff");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:67:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"ff");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:99:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"ff");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:110:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"test");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:121:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"testing");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:132:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"testing");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:143:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"testing");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:154:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"testing");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:165:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest,"012345678901234567890");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:129:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:130:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:146:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "ke");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:163:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simplez");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:180:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:181:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "123456");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:196:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:212:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:229:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:230:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "ke");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:246:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:247:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "hip");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:263:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simply");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:264:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "123y");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:68:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:69:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:79:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "kerp");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:90:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "ke");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "kerp");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:102:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:112:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:113:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keeeep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:123:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:133:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:134:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it sipmle and very long");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:146:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:52:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:68:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:97:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " ABCDEFGHIJK");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "ABC");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:144:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " B");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:161:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " C ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:179:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " NowISTHETimE 1 2 ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:197:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " q q21ego");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:215:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, " 1 2 3 4 ");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:129:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:144:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:145:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:160:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:161:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:176:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:193:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:194:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "ke");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:211:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:212:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:228:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:229:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "keep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:245:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:246:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "notincluded");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:262:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str1, "keep it simple");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:263:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str2, "1234567890");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:14:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:15:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:130:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:146:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:147:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "kee");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:163:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:164:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "eep it");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:180:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:181:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "ethe");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:197:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:198:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "he");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:216:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:217:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "er");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:235:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:236:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:246:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:247:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:257:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:258:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:268:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:269:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:286:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:287:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "it all");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:297:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "keep it all together");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:298:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "eep");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:22:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:77:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaaaaaaa");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:80:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "fedcba");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:91:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "jklmnopqrst");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:94:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "fedcba");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:109:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaamnopqrst");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:112:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "fedcba");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:124:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "aaamnopqrstfedcba");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:127:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str2, "fedcba");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:158:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "?a???b,,,#c");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:174:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "?a???b,,,#c");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:81:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "NOWISTHETIM3");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:96:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "NOWISTHETIME");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:112:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "qqeRo");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:128:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:101:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "nowisthetime");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:119:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "qqeRo");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:137:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (str, "1234");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strzero_s.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strzero_s.c:112:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str1, "Now is the time for all data to be zeroed");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcpcpy_s.c:78:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcpcpy_s.c:79:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcscat_s.c:37:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcscat_s.c:38:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcscpy_s.c:78:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcscpy_s.c:79:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsncat_s.c:80:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsncat_s.c:81:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsncpy_s.c:76:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsncpy_s.c:77:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wcsnlen_s.c:59:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t str1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemcmp_s.c:80:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t mem1[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemcmp_s.c:81:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t mem2[LEN];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemcpy_s.c:64:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t mem1[LEN+2];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemcpy_s.c:65:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t mem2[LEN+2];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemmove_s.c:72:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t mem1[LEN+2];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemmove_s.c:73:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t mem2[LEN+2];
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_wmemset_s.c:62:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t mem1[LEN];
data/tboot-1.9.12+hg20200718/tb_polgen/commands.c:58:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/tboot-1.9.12+hg20200718/tb_polgen/commands.c:64:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/tboot-1.9.12+hg20200718/tb_polgen/policy.c:57:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(elt_filename, "rb");
data/tboot-1.9.12+hg20200718/tb_polgen/policy.c:97:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(policy_filename, "r");
data/tboot-1.9.12+hg20200718/tb_polgen/policy.c:136:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(policy_filename, "w");
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[TBOOT_KERNEL_CMDLINE_SIZE];
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char image_file[FILENAME_MAX];
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char elt_file[FILENAME_MAX];
data/tboot-1.9.12+hg20200718/tb_polgen/tb_polgen.h:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char policy_file[FILENAME_MAX];
data/tboot-1.9.12+hg20200718/tboot/common/cmdline.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__text char g_cmdline[CMDLINE_SIZE] = { 0 };
data/tboot-1.9.12+hg20200718/tboot/common/cmdline.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_tboot_param_values[ARRAY_SIZE(g_tboot_cmdline_options)][MAX_VALUE_LEN];
data/tboot-1.9.12+hg20200718/tboot/common/cmdline.c:100:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_linux_param_values[ARRAY_SIZE(g_linux_cmdline_options)][MAX_VALUE_LEN];
data/tboot-1.9.12+hg20200718/tboot/common/linux.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdchunk[CHUNK_SIZE+1];
data/tboot-1.9.12+hg20200718/tboot/common/loader.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdchunk[CHUNK_SIZE+1];
data/tboot-1.9.12+hg20200718/tboot/common/loader.c:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[CHUNK_SIZE+1];
data/tboot-1.9.12+hg20200718/tboot/common/loader.c:415:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[TBOOT_KERNEL_CMDLINE_SIZE];
data/tboot-1.9.12+hg20200718/tboot/common/policy.c:705:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdchunk[CHUNK_SIZE+1];
data/tboot-1.9.12+hg20200718/tboot/common/printk.c:92:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32*1024];
data/tboot-1.9.12+hg20200718/tboot/common/printk.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/tboot-1.9.12+hg20200718/tboot/common/sha1.c:251:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha1_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/common/sha1.c:252:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA_DIGEST_LENGTH])
data/tboot-1.9.12+hg20200718/tboot/common/sha256.c:241:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha256_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/common/sha256.c:242:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[32])
data/tboot-1.9.12+hg20200718/tboot/common/sha384.c:45:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/tboot-1.9.12+hg20200718/tboot/common/sha384.c:60:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha384_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/common/sha384.c:61:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[48])
data/tboot-1.9.12+hg20200718/tboot/common/sha512.c:246:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha512_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/common/sha512.c:247:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64])
data/tboot-1.9.12+hg20200718/tboot/common/tboot.c:523:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[32];
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1015:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char n[16],
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1041:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in_n)[15] &= 0xFE;
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1045:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in_n)[15] |= (unsigned char)(1-i);
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1071:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in)[0] = 0x80;
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1077:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in)[15] += 1;
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1081:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in)[0] = 0xC0;
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1088:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in)[15] += 1;
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1092:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in)[0] = 0xE0;
data/tboot-1.9.12+hg20200718/tboot/common/vmac.c:1100:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)in)[15] += 1;
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __str[32]; \
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:375:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1];
data/tboot-1.9.12+hg20200718/tboot/include/cmdline.h:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char g_cmdline[CMDLINE_SIZE];
data/tboot-1.9.12+hg20200718/tboot/include/multiboot.h:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[0];
data/tboot-1.9.12+hg20200718/tboot/include/multiboot.h:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[0];
data/tboot-1.9.12+hg20200718/tboot/include/multiboot.h:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sections[0];
data/tboot-1.9.12+hg20200718/tboot/include/sha1.h:74:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha1_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/include/sha1.h:75:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA_DIGEST_LENGTH]);
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:47:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:53:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[1];
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:67:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha256_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:68:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[32]);
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:74:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha384_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:75:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[48]);
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:81:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sha512_buffer(const unsigned char *buffer, size_t len,
data/tboot-1.9.12+hg20200718/tboot/include/sha2.h:82:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[64]);
data/tboot-1.9.12+hg20200718/tboot/include/txt/vmcs.h:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[0]; /* vmcs size is read from MSR */
data/tboot-1.9.12+hg20200718/tboot/include/vmac.h:151:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char n[16],
data/tboot-1.9.12+hg20200718/tboot/txt/vmcs.c:158:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char host_vmcs[PAGE_SIZE];
data/tboot-1.9.12+hg20200718/tboot/txt/vmcs.c:159:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ap_vmcs[NR_CPUS][PAGE_SIZE];
data/tboot-1.9.12+hg20200718/utils/txt-acminfo.c:76:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/cpu/0/msr", O_RDONLY);
data/tboot-1.9.12+hg20200718/utils/txt-acminfo.c:115:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(file_name, O_RDONLY);
data/tboot-1.9.12+hg20200718/utils/txt-acminfo.c:189:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_mem = open("/dev/mem", O_RDONLY);
data/tboot-1.9.12+hg20200718/utils/txt-parse_err.c:75:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_mem = open("/dev/mem", O_RDONLY);
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:221:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[32*1024];
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:341:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_mem = open("/dev/mem", O_RDONLY);
data/tboot-1.9.12+hg20200718/lcptools/lock.c:121:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar() | ' ';
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:253:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:254:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:284:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:285:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcasestr_s.c:379:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:94:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:95:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcat_s.c:103:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len3 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:130:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:153:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:170:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:194:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcmpfld_s.c:216:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:162:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:165:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:184:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1) + 2;
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfld_s.c:188:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:71:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:72:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:167:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:205:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:225:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldin_s.c:228:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:170:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:208:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:211:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:229:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strcpyfldout_s.c:232:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strfirstchar_s.c:117:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:72:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:82:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:83:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:94:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:105:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:117:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisalphanumeric_s.c:129:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:69:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:70:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:80:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:81:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisascii_s.c:114:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:69:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "1");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:70:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:81:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisdigit_s.c:103:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:78:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "1");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:79:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:90:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:101:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:112:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strishex_s.c:123:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:70:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:81:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strislowercase_s.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:69:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:70:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:81:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strismixed_s.c:103:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:74:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:85:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:96:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:107:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strispassword_s.c:118:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:70:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:81:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strisuppercase_s.c:103:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:97:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "A");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:153:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:171:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:189:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:207:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:225:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strljustify_s.c:237:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:95:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str1, "a");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:96:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str2, "b");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:111:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str1, "a");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strncat_s.c:112:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str2, "b");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnlen_s.c:48:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std_len = strlen("");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnlen_s.c:60:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std_len = strlen("t");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnlen_s.c:72:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std_len = strlen("to");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnlen_s.c:84:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std_len = strlen("testing");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:24:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dest,"");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:55:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std_len = strlen(dest);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:77:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dest,"f");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:88:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dest,"f");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:158:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len != strlen(dest)) {
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strnterminate_s.c:171:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len != strlen(dest)) {
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:164:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str2, "z");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:197:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str2, "");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strpbrk_s.c:213:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str2, "k");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:136:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strprefix_s.c:149:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:109:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "A");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:145:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:162:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:180:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:198:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strremovews_s.c:216:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strspn_s.c:177:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str2, "k");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:200:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:201:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:219:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:220:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(str2);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strstr_s.c:271:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:78:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:92:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1) - 2; /* cheat on len */
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:110:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:125:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:159:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:161:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str2, "?");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str1);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtok_s.c:177:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str2, ","); /* change the tokenizer string */
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:49:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:50:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:65:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "n");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:66:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:97:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:113:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtolowercase_s.c:129:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:65:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "n");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:66:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:83:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "N");
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:84:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:102:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:120:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strtouppercase_s.c:138:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tboot-1.9.12+hg20200718/safestringlib/unittests/test_strzero_s.c:113:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = strlen("Now is the ");
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:126:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* str, size_t strlen,
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:131:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen = (strlen > mods->precision) ? mods->precision : strlen;
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:131:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen = (strlen > mods->precision) ? mods->precision : strlen;
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:132:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mods->width = ( mods->width > strlen ) ? mods->width - strlen : 0;
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:132:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mods->width = ( mods->width > strlen ) ? mods->width - strlen : 0;
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:134:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen; i++ )
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:143:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen; i++ )
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:151:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static size_t int2str(long long val, char *str, size_t strlen,
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:172:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen < 2 )
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:210:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( length >= strlen )
data/tboot-1.9.12+hg20200718/tboot/common/vsprintf.c:225:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( length >= strlen )
data/tboot-1.9.12+hg20200718/utils/txt-acminfo.c:88:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read(fd, &val, sizeof(val)) != sizeof(val) ) {
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:359:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_ret = read(fd_mem, buf, TXT_CONFIG_REGS_SIZE);
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:407:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_ret = read(fd_mem, buf, heap_size);
data/tboot-1.9.12+hg20200718/utils/txt-stat.c:450:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_ret = read(fd_mem, buf, TBOOT_SERIAL_LOG_SIZE);
ANALYSIS SUMMARY:
Hits = 902
Lines analyzed = 81940 in approximately 2.28 seconds (36001 lines/second)
Physical Source Lines of Code (SLOC) = 50968
Hits@level = [0] 1482 [1] 147 [2] 696 [3] 6 [4] 53 [5] 0
Hits@level+ = [0+] 2384 [1+] 902 [2+] 755 [3+] 59 [4+] 53 [5+] 0
Hits/KSLOC@level+ = [0+] 46.7744 [1+] 17.6974 [2+] 14.8132 [3+] 1.15759 [4+] 1.03987 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.