Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tclthread-2.8.5/generic/threadPoolCmd.c
Examining data/tclthread-2.8.5/generic/threadSvCmd.h
Examining data/tclthread-2.8.5/generic/tclXkeylist.c
Examining data/tclthread-2.8.5/generic/threadCmd.c
Examining data/tclthread-2.8.5/generic/tclThreadInt.h
Examining data/tclthread-2.8.5/generic/threadNs.c
Examining data/tclthread-2.8.5/generic/tclXkeylist.h
Examining data/tclthread-2.8.5/generic/tclThread.h
Examining data/tclthread-2.8.5/generic/psLmdb.h
Examining data/tclthread-2.8.5/generic/threadSvListCmd.c
Examining data/tclthread-2.8.5/generic/threadSvListCmd.h
Examining data/tclthread-2.8.5/generic/threadSpCmd.c
Examining data/tclthread-2.8.5/generic/psGdbm.c
Examining data/tclthread-2.8.5/generic/psLmdb.c
Examining data/tclthread-2.8.5/generic/threadSvKeylistCmd.c
Examining data/tclthread-2.8.5/generic/psGdbm.h
Examining data/tclthread-2.8.5/generic/threadSvCmd.c
Examining data/tclthread-2.8.5/generic/threadSpCmd.h
Examining data/tclthread-2.8.5/generic/threadSvKeylistCmd.h
Examining data/tclthread-2.8.5/win/nmakehlp.c
Examining data/tclthread-2.8.5/unix/threadUnix.c
FINAL RESULTS:
data/tclthread-2.8.5/generic/tclXkeylist.c:85:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(strcpy ((char *)ckalloc (strlen (sourceStr) + 1), sourceStr))
data/tclthread-2.8.5/generic/threadCmd.c:1216:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errorProcString, proc);
data/tclthread-2.8.5/generic/threadCmd.c:1842:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
evalScript = strcpy((char*)ckalloc(scriptLen+1), ctrlPtr->script);
data/tclthread-2.8.5/generic/threadCmd.c:3741:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
resultPtr->result = strcpy((char *)ckalloc(1+strlen(diemsg)), diemsg);
data/tclthread-2.8.5/generic/threadCmd.c:3768:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
tResultPtr->resultMsg = strcpy((char *)ckalloc(1+strlen(diemsg)),
data/tclthread-2.8.5/generic/threadCmd.c:3799:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(handlePtr, THREAD_HNDLPREFIX "%p", thrId);
data/tclthread-2.8.5/generic/threadCmd.c:3826:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(thrHandle, THREAD_HNDLPREFIX "%p", thrIdPtr) == 1) {
data/tclthread-2.8.5/generic/threadNs.c:73:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
md->modname = strcpy(ns_malloc(strlen(mod)+1), mod);
data/tclthread-2.8.5/generic/threadNs.c:74:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
md->server = strcpy(ns_malloc(strlen(srv)+1), srv);
data/tclthread-2.8.5/generic/threadPoolCmd.c:242:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
cmd = strcpy((char *)ckalloc(objv[ii+1]->length+1), val);
data/tclthread-2.8.5/generic/threadPoolCmd.c:245:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
exs = strcpy((char *)ckalloc(objv[ii+1]->length+1), val);
data/tclthread-2.8.5/generic/threadPoolCmd.c:301:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%p", TPOOL_HNDLPREFIX, tpoolPtr);
data/tclthread-2.8.5/generic/threadPoolCmd.c:467:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
rPtr->script = strcpy((char *)ckalloc(len+1), script);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1032:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%p", TPOOL_HNDLPREFIX, tpoolPtr);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1156:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
rPtr->result = strcpy((char *)ckalloc(strlen(errMsg)+1), errMsg);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1171:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
rPtr->result = strcpy((char *)ckalloc(strlen(errMsg)+1), errMsg);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1480:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(tpoolName, TPOOL_HNDLPREFIX"%p", &tpool) != 1) {
data/tclthread-2.8.5/generic/threadPoolCmd.c:1529:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rPtr->errorCode, errorCode);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1533:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rPtr->errorInfo, errorInfo);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1543:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
rPtr->result = strcpy((char *)ckalloc(1 + reslen), result);
data/tclthread-2.8.5/generic/threadSvCmd.c:179:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newCmd->cmdName, TSV_CMD_PREFIX);
data/tclthread-2.8.5/generic/threadSvCmd.c:180:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newCmd->cmdName, cmdName);
data/tclthread-2.8.5/generic/threadSvCmd.c:182:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newCmd->cmdName2, TSV_CMD2_PREFIX);
data/tclthread-2.8.5/generic/threadSvCmd.c:183:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newCmd->cmdName2, cmdName);
data/tclthread-2.8.5/generic/threadSvCmd.c:1379:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
arrayPtr->bindAddr = strcpy((char *)ckalloc(len+1), psurl);
data/tclthread-2.8.5/generic/threadSvCmd.c:1391:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
arrayPtr->bindAddr = strcpy((char *)ckalloc(len+1), psurl);
data/tclthread-2.8.5/win/nmakehlp.c:33:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/tclthread-2.8.5/win/nmakehlp.c:33:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/tclthread-2.8.5/win/nmakehlp.c:250:5: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, option);
data/tclthread-2.8.5/win/nmakehlp.c:388:2: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, options[i]);
data/tclthread-2.8.5/win/nmakehlp.c:677:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(szBuffer);
data/tclthread-2.8.5/win/nmakehlp.c:258:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tclthread-2.8.5/win/nmakehlp.c:258:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tclthread-2.8.5/win/nmakehlp.c:392:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tclthread-2.8.5/win/nmakehlp.c:392:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/tclthread-2.8.5/generic/tclXkeylist.c:88:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
((char *) memcpy ((char *)ckalloc (length + 1), sourceStr, length + 1))
data/tclthread-2.8.5/generic/threadCmd.c:830:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thrHandle[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadCmd.c:872:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *result, thrHandle[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadCmd.c:1006:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
clbkPtr->clientData = memcpy(ckalloc(vsize), varName, vsize);
data/tclthread-2.8.5/generic/threadCmd.c:1017:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
sendPtr->clientData = memcpy(ckalloc(size), script, size);
data/tclthread-2.8.5/generic/threadCmd.c:1120:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
sendPtr->clientData = memcpy(ckalloc(size), script, size);
data/tclthread-2.8.5/generic/threadCmd.c:1720:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thrHandle[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadCmd.c:1922:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv[3];
data/tclthread-2.8.5/generic/threadCmd.c:1923:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadCmd.c:2298:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thrHandle[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadCmd.c:2930:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadCmd.c:3271:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(char *)memcpy(ckalloc(1+size), result, 1+size) : threadEmptyResult;
data/tclthread-2.8.5/generic/threadCmd.c:3276:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(char *)memcpy(ckalloc(1+size), result, 1+size) : threadEmptyResult;
data/tclthread-2.8.5/generic/threadCmd.c:3290:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultPtr->errorCode = (char *)memcpy(ckalloc(size), errorCode, size);
data/tclthread-2.8.5/generic/threadCmd.c:3296:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultPtr->errorInfo = (char *)memcpy(ckalloc(size), errorInfo, size);
data/tclthread-2.8.5/generic/threadCmd.c:3343:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/tclthread-2.8.5/generic/threadCmd.c:3347:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tsdPtr->maxEventsCount);
data/tclthread-2.8.5/generic/threadCmd.c:3549:44: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
resultPtr->resultMsg = (char *)memcpy(ckalloc(size), msg, size);
data/tclthread-2.8.5/generic/threadCmd.c:3857:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thrHandle[THREAD_HNDLMAXLEN];
data/tclthread-2.8.5/generic/threadPoolCmd.c:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], *exs = NULL, *cmd = NULL;
data/tclthread-2.8.5/generic/threadPoolCmd.c:242:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cmd = strcpy((char *)ckalloc(objv[ii+1]->length+1), val);
data/tclthread-2.8.5/generic/threadPoolCmd.c:245:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
exs = strcpy((char *)ckalloc(objv[ii+1]->length+1), val);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1031:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/tclthread-2.8.5/generic/threadSpCmd.c:158:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define GetHash(a,b) (atoi((a)+((b) < 4 ? 0 : 3)) % NUMSPBUCKETS)
data/tclthread-2.8.5/generic/threadSpCmd.c:771:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[32 + TCL_INTEGER_SPACE];
data/tclthread-2.8.5/generic/threadSpCmd.c:774:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "\n (\"eval\" body line %d)", Tcl_GetErrorLine(interp));
data/tclthread-2.8.5/generic/threadSpCmd.c:813:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/tclthread-2.8.5/generic/threadSpCmd.c:821:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%cid%d", type, id);
data/tclthread-2.8.5/generic/threadSvCmd.c:1062:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)dupPtr->bytes,(void*)objPtr->bytes,
data/tclthread-2.8.5/generic/threadSvCmd.c:1147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/tclthread-2.8.5/generic/threadSvCmd.c:1184:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "::%p", (int*)svObj);
data/tclthread-2.8.5/generic/threadSvCmd.c:2068:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[32 + TCL_INTEGER_SPACE];
data/tclthread-2.8.5/generic/threadSvCmd.c:2071:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "\n (\"eval\" body line %d)", Tcl_GetErrorLine(interp));
data/tclthread-2.8.5/win/nmakehlp.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STATICBUFFERSIZE];
data/tclthread-2.8.5/win/nmakehlp.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tclthread-2.8.5/win/nmakehlp.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tclthread-2.8.5/win/nmakehlp.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/tclthread-2.8.5/win/nmakehlp.c:244:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch ");
data/tclthread-2.8.5/win/nmakehlp.c:256:5: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " .\\nul");
data/tclthread-2.8.5/win/nmakehlp.c:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/tclthread-2.8.5/win/nmakehlp.c:340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[255];
data/tclthread-2.8.5/win/nmakehlp.c:380:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "link.exe -nologo ");
data/tclthread-2.8.5/win/nmakehlp.c:387:2: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " \"");
data/tclthread-2.8.5/win/nmakehlp.c:507:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[100];
data/tclthread-2.8.5/win/nmakehlp.c:509:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "rt");
data/tclthread-2.8.5/win/nmakehlp.c:540:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, p, q - p);
data/tclthread-2.8.5/win/nmakehlp.c:615:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[1024], szCopy[1024];
data/tclthread-2.8.5/win/nmakehlp.c:620:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rt");
data/tclthread-2.8.5/win/nmakehlp.c:627:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sp = fopen(substitutions, "rt");
data/tclthread-2.8.5/win/nmakehlp.c:674:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, szCopy, sizeof(szCopy));
data/tclthread-2.8.5/win/nmakehlp.c:709:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCwd[MAX_PATH + 1];
data/tclthread-2.8.5/win/nmakehlp.c:727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH+1];
data/tclthread-2.8.5/generic/psGdbm.c:95:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext = Tcl_UtfToExternalDString(NULL, path, strlen(path), &toext);
data/tclthread-2.8.5/generic/psGdbm.c:153:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dkey.dsize = strlen(key) + 1;
data/tclthread-2.8.5/generic/psGdbm.c:234:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dkey.dsize = strlen(*keyptrptr) + 1;
data/tclthread-2.8.5/generic/psGdbm.c:283:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dkey.dsize = strlen(key) + 1;
data/tclthread-2.8.5/generic/psGdbm.c:323:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dkey.dsize = strlen(key) + 1;
data/tclthread-2.8.5/generic/psLmdb.c:181:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext = Tcl_UtfToExternalDString(NULL, path, strlen(path), &toext);
data/tclthread-2.8.5/generic/psLmdb.c:262:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.mv_size = strlen(keyptr) + 1;
data/tclthread-2.8.5/generic/psLmdb.c:413:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.mv_size = strlen(keyptr) + 1;
data/tclthread-2.8.5/generic/psLmdb.c:463:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key.mv_size = strlen(keyptr) + 1;
data/tclthread-2.8.5/generic/tclXkeylist.c:85:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strcpy ((char *)ckalloc (strlen (sourceStr) + 1), sourceStr))
data/tclthread-2.8.5/generic/tclXkeylist.c:402:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(key) != keyLen) {
data/tclthread-2.8.5/generic/tclXkeylist.c:566:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keyLen = strlen (key);
data/tclthread-2.8.5/generic/tclXkeylist.c:832:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (keylIntPtr->entries [idx].key));
data/tclthread-2.8.5/generic/tclXkeylist.c:979:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (keylIntPtr->entries [findIdx].key, key, keyLen);
data/tclthread-2.8.5/generic/tclXkeylist.c:1018:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (keylIntPtr->entries [findIdx].key, key, keyLen);
data/tclthread-2.8.5/generic/threadCmd.c:1215:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
errorProcString = (char *)ckalloc(1+strlen(proc));
data/tclthread-2.8.5/generic/threadCmd.c:1841:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scriptLen = strlen(ctrlPtr->script);
data/tclthread-2.8.5/generic/threadCmd.c:3269:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(result);
data/tclthread-2.8.5/generic/threadCmd.c:3289:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(errorCode) + 1;
data/tclthread-2.8.5/generic/threadCmd.c:3295:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(errorInfo) + 1;
data/tclthread-2.8.5/generic/threadCmd.c:3329:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (option == NULL) ? 0 : strlen(option);
data/tclthread-2.8.5/generic/threadCmd.c:3413:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(option);
data/tclthread-2.8.5/generic/threadCmd.c:3548:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(msg)+1;
data/tclthread-2.8.5/generic/threadCmd.c:3741:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resultPtr->result = strcpy((char *)ckalloc(1+strlen(diemsg)), diemsg);
data/tclthread-2.8.5/generic/threadCmd.c:3768:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tResultPtr->resultMsg = strcpy((char *)ckalloc(1+strlen(diemsg)),
data/tclthread-2.8.5/generic/threadNs.c:73:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md->modname = strcpy(ns_malloc(strlen(mod)+1), mod);
data/tclthread-2.8.5/generic/threadNs.c:74:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md->server = strcpy(ns_malloc(strlen(srv)+1), srv);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1156:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rPtr->result = strcpy((char *)ckalloc(strlen(errMsg)+1), errMsg);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1171:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rPtr->result = strcpy((char *)ckalloc(strlen(errMsg)+1), errMsg);
data/tclthread-2.8.5/generic/threadPoolCmd.c:1528:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rPtr->errorCode = (char *)ckalloc(1 + strlen(errorCode));
data/tclthread-2.8.5/generic/threadPoolCmd.c:1532:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rPtr->errorInfo = (char *)ckalloc(1 + strlen(errorInfo));
data/tclthread-2.8.5/generic/threadSvCmd.c:158:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(cmdName) + strlen(TSV_CMD_PREFIX) + 1;
data/tclthread-2.8.5/generic/threadSvCmd.c:158:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(cmdName) + strlen(TSV_CMD_PREFIX) + 1;
data/tclthread-2.8.5/generic/threadSvCmd.c:159:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen(cmdName) + strlen(TSV_CMD2_PREFIX) + 1;
data/tclthread-2.8.5/generic/threadSvCmd.c:159:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen(cmdName) + strlen(TSV_CMD2_PREFIX) + 1;
data/tclthread-2.8.5/generic/threadSvCmd.c:181:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newCmd->name = newCmd->cmdName + strlen(TSV_CMD_PREFIX);
data/tclthread-2.8.5/win/nmakehlp.c:389:2: [1] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
lstrcat(cmdline, "\"");
data/tclthread-2.8.5/win/nmakehlp.c:525:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(match);
data/tclthread-2.8.5/win/nmakehlp.c:671:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
op += strlen(p->key);
data/tclthread-2.8.5/win/nmakehlp.c:733:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = strlen(dir);
data/tclthread-2.8.5/win/nmakehlp.c:736:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, dir, dirlen);
data/tclthread-2.8.5/win/nmakehlp.c:737:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(path+dirlen, "\\*", 3); /* Including terminating \0 */
data/tclthread-2.8.5/win/nmakehlp.c:738:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(keypath);
data/tclthread-2.8.5/win/nmakehlp.c:763:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sublen = strlen(finfo.cFileName);
data/tclthread-2.8.5/win/nmakehlp.c:766:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path+dirlen+1, finfo.cFileName, sublen);
data/tclthread-2.8.5/win/nmakehlp.c:768:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path+dirlen+1+sublen+1, keypath, keylen+1);
ANALYSIS SUMMARY:
Hits = 133
Lines analyzed = 15775 in approximately 0.35 seconds (44473 lines/second)
Physical Source Lines of Code (SLOC) = 8227
Hits@level = [0] 14 [1] 46 [2] 52 [3] 4 [4] 31 [5] 0
Hits@level+ = [0+] 147 [1+] 133 [2+] 87 [3+] 35 [4+] 31 [5+] 0
Hits/KSLOC@level+ = [0+] 17.868 [1+] 16.1663 [2+] 10.5749 [3+] 4.25428 [4+] 3.76808 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.