Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tilem-2.0/db/disasm.c Examining data/tilem-2.0/db/listing.c Examining data/tilem-2.0/db/lstfile.c Examining data/tilem-2.0/db/tilemdb.h Examining data/tilem-2.0/emu/calcs.c Examining data/tilem-2.0/emu/cert.c Examining data/tilem-2.0/emu/flash.c Examining data/tilem-2.0/emu/graycolor.c Examining data/tilem-2.0/emu/grayimage.c Examining data/tilem-2.0/emu/graylcd.c Examining data/tilem-2.0/emu/graylcd.h Examining data/tilem-2.0/emu/keypad.c Examining data/tilem-2.0/emu/lcd.c Examining data/tilem-2.0/emu/link.c Examining data/tilem-2.0/emu/md5.c Examining data/tilem-2.0/emu/monolcd.c Examining data/tilem-2.0/emu/rom.c Examining data/tilem-2.0/emu/scancodes.h Examining data/tilem-2.0/emu/state.c Examining data/tilem-2.0/emu/tilem.h Examining data/tilem-2.0/emu/tilemint.h Examining data/tilem-2.0/emu/timers.c Examining data/tilem-2.0/emu/x1/x1.h Examining data/tilem-2.0/emu/x1/x1_init.c Examining data/tilem-2.0/emu/x1/x1_io.c Examining data/tilem-2.0/emu/x1/x1_memory.c Examining data/tilem-2.0/emu/x1/x1_subcore.c Examining data/tilem-2.0/emu/x2/x2.h Examining data/tilem-2.0/emu/x2/x2_init.c Examining data/tilem-2.0/emu/x2/x2_io.c Examining data/tilem-2.0/emu/x2/x2_memory.c Examining data/tilem-2.0/emu/x2/x2_subcore.c Examining data/tilem-2.0/emu/x3/x3.h Examining data/tilem-2.0/emu/x3/x3_init.c Examining data/tilem-2.0/emu/x3/x3_io.c Examining data/tilem-2.0/emu/x3/x3_memory.c Examining data/tilem-2.0/emu/x3/x3_subcore.c Examining data/tilem-2.0/emu/x4/x4.h Examining data/tilem-2.0/emu/x4/x4_init.c Examining data/tilem-2.0/emu/x4/x4_io.c Examining data/tilem-2.0/emu/x4/x4_memory.c Examining data/tilem-2.0/emu/x4/x4_subcore.c Examining data/tilem-2.0/emu/x5/x5.h Examining data/tilem-2.0/emu/x5/x5_init.c Examining data/tilem-2.0/emu/x5/x5_io.c Examining data/tilem-2.0/emu/x5/x5_memory.c Examining data/tilem-2.0/emu/x5/x5_subcore.c Examining data/tilem-2.0/emu/x6/x6.h Examining data/tilem-2.0/emu/x6/x6_init.c Examining data/tilem-2.0/emu/x6/x6_io.c Examining data/tilem-2.0/emu/x6/x6_memory.c Examining data/tilem-2.0/emu/x6/x6_subcore.c Examining data/tilem-2.0/emu/x7/x7.h Examining data/tilem-2.0/emu/x7/x7_init.c Examining data/tilem-2.0/emu/x7/x7_io.c Examining data/tilem-2.0/emu/x7/x7_memory.c Examining data/tilem-2.0/emu/x7/x7_subcore.c Examining data/tilem-2.0/emu/xn/xn.h Examining data/tilem-2.0/emu/xn/xn_init.c Examining data/tilem-2.0/emu/xn/xn_io.c Examining data/tilem-2.0/emu/xn/xn_memory.c Examining data/tilem-2.0/emu/xn/xn_subcore.c Examining data/tilem-2.0/emu/xp/xp.h Examining data/tilem-2.0/emu/xp/xp_init.c Examining data/tilem-2.0/emu/xp/xp_io.c Examining data/tilem-2.0/emu/xp/xp_memory.c Examining data/tilem-2.0/emu/xp/xp_subcore.c Examining data/tilem-2.0/emu/xs/xs.h Examining data/tilem-2.0/emu/xs/xs_init.c Examining data/tilem-2.0/emu/xs/xs_io.c Examining data/tilem-2.0/emu/xs/xs_memory.c Examining data/tilem-2.0/emu/xs/xs_subcore.c Examining data/tilem-2.0/emu/xz/xz.h Examining data/tilem-2.0/emu/xz/xz_init.c Examining data/tilem-2.0/emu/xz/xz_io.c Examining data/tilem-2.0/emu/xz/xz_memory.c Examining data/tilem-2.0/emu/xz/xz_subcore.c Examining data/tilem-2.0/emu/z80.c Examining data/tilem-2.0/emu/z80.h Examining data/tilem-2.0/emu/z80cb.h Examining data/tilem-2.0/emu/z80cmds.h Examining data/tilem-2.0/emu/z80ddfd.h Examining data/tilem-2.0/emu/z80ed.h Examining data/tilem-2.0/emu/z80main.h Examining data/tilem-2.0/gui/address.c Examining data/tilem-2.0/gui/animatedgif.c Examining data/tilem-2.0/gui/animation.c Examining data/tilem-2.0/gui/animation.h Examining data/tilem-2.0/gui/breakpoints.c Examining data/tilem-2.0/gui/charmap.c Examining data/tilem-2.0/gui/charmap.h Examining data/tilem-2.0/gui/config.c Examining data/tilem-2.0/gui/debugger.c Examining data/tilem-2.0/gui/debugger.h Examining data/tilem-2.0/gui/disasmview.c Examining data/tilem-2.0/gui/disasmview.h Examining data/tilem-2.0/gui/emucore.c Examining data/tilem-2.0/gui/emucore.h Examining data/tilem-2.0/gui/emulator.c Examining data/tilem-2.0/gui/emulator.h Examining data/tilem-2.0/gui/emuwin.c Examining data/tilem-2.0/gui/emuwin.h Examining data/tilem-2.0/gui/event.c Examining data/tilem-2.0/gui/filedlg.c Examining data/tilem-2.0/gui/filedlg.h Examining data/tilem-2.0/gui/files.c Examining data/tilem-2.0/gui/files.h Examining data/tilem-2.0/gui/fixedtreeview.c Examining data/tilem-2.0/gui/fixedtreeview.h Examining data/tilem-2.0/gui/gifencod.c Examining data/tilem-2.0/gui/gifencod.h Examining data/tilem-2.0/gui/gtk-compat.h Examining data/tilem-2.0/gui/gui.h Examining data/tilem-2.0/gui/icons.c Examining data/tilem-2.0/gui/icons.h Examining data/tilem-2.0/gui/keybindings.c Examining data/tilem-2.0/gui/keypaddlg.c Examining data/tilem-2.0/gui/link.c Examining data/tilem-2.0/gui/macro.c Examining data/tilem-2.0/gui/memmodel.c Examining data/tilem-2.0/gui/memmodel.h Examining data/tilem-2.0/gui/memory.c Examining data/tilem-2.0/gui/memview.c Examining data/tilem-2.0/gui/menu.c Examining data/tilem-2.0/gui/msgbox.h Examining data/tilem-2.0/gui/pbar.c Examining data/tilem-2.0/gui/preferences.c Examining data/tilem-2.0/gui/rcvmenu.c Examining data/tilem-2.0/gui/screenshot.c Examining data/tilem-2.0/gui/sendfile.c Examining data/tilem-2.0/gui/skinops.c Examining data/tilem-2.0/gui/skinops.h Examining data/tilem-2.0/gui/ti81prg.c Examining data/tilem-2.0/gui/ti81prg.h Examining data/tilem-2.0/gui/tilem2.c Examining data/tilem-2.0/gui/tool.c FINAL RESULTS: data/tilem-2.0/db/disasm.c:211:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sym->name, name); data/tilem-2.0/db/disasm.c:789:6: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. n = vsnprintf(*buf, *bsize, fmt, ap); data/tilem-2.0/db/listing.c:179:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(line->text, text); data/tilem-2.0/gui/memory.c:78:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, ap); data/tilem-2.0/gui/memory.c:88:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, ap); data/tilem-2.0/gui/memory.c:98:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, ap); data/tilem-2.0/gui/ti81prg.c:376:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, buf); data/tilem-2.0/gui/ti81prg.c:408:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, buf); data/tilem-2.0/gui/memmodel.c:418:14: [3] (random) g_random_int: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. mm->stamp = g_random_int(); data/tilem-2.0/db/disasm.c:163:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(syms, stab->syms, data/tilem-2.0/db/disasm.c:166:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(syms + start + 1, stab->syms + start, data/tilem-2.0/db/disasm.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/tilem-2.0/db/lstfile.c:351:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/tilem-2.0/emu/calcs.c:132:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcalc, calc, sizeof(TilemCalc)); data/tilem-2.0/emu/calcs.c:139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcalc->hwregs, calc->hwregs, calc->hw.nhwregs * sizeof(dword)); data/tilem-2.0/emu/calcs.c:148:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcalc->z80.timers, calc->z80.timers, data/tilem-2.0/emu/calcs.c:159:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcalc->z80.breakpoints, calc->z80.breakpoints, data/tilem-2.0/emu/calcs.c:171:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcalc->mem, calc->mem, msize * sizeof(byte)); data/tilem-2.0/emu/graylcd.c:259:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(basepix, pix, (glcd->height * glcd->bwidth * 8 data/tilem-2.0/emu/rom.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/tilem-2.0/gui/animatedgif.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char footer_trailer[1] = { 0x3b}; data/tilem-2.0/gui/animatedgif.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extension_block_header[2] = {0x21, 0xf9}; data/tilem-2.0/gui/animatedgif.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extension_block_size[1] = { 0x04} ; data/tilem-2.0/gui/animatedgif.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extension_block_flag[1] = { 0x00} ; data/tilem-2.0/gui/animatedgif.c:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extension_block_delay[2] = {10, 0} ; data/tilem-2.0/gui/animatedgif.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extension_block_transparent_index[1] = {0xff}; data/tilem-2.0/gui/animatedgif.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extension_block_terminator[1] = {0x00}; data/tilem-2.0/gui/animatedgif.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_block_end[1] = {0x00}; data/tilem-2.0/gui/animation.c:448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frm->data, buf->data, anim->frame_size); data/tilem-2.0/gui/breakpoints.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/tilem-2.0/gui/breakpoints.c:648:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[5], sbuf[10], ebuf[10]; data/tilem-2.0/gui/charmap.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12]; data/tilem-2.0/gui/debugger.c:1058:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/tilem-2.0/gui/debugger.c:1101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stack_offset[10]; data/tilem-2.0/gui/debugger.c:1102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stack_value[10]; data/tilem-2.0/gui/disasmview.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[500], *p; data/tilem-2.0/gui/emulator.c:723:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q + nkeys, emu->key_queue, emu->key_queue_len); data/tilem-2.0/gui/filedlg.c:63:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t filenamew[BUFFER_SIZE + 1]; data/tilem-2.0/gui/filedlg.c:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filenamel[BUFFER_SIZE + 1]; data/tilem-2.0/gui/filedlg.c:399:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t dirnamew[MAX_PATH + 1]; data/tilem-2.0/gui/filedlg.c:414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirnamel[MAX_PATH + 1]; data/tilem-2.0/gui/files.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[10]; data/tilem-2.0/gui/files.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lpath[MAX_PATH+1]; data/tilem-2.0/gui/files.c:66:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpath[MAX_PATH+1]; data/tilem-2.0/gui/keypaddlg.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/tilem-2.0/gui/link.c:439:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, data + i, length > 8 ? 8 : length); data/tilem-2.0/gui/macro.c:137:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lengthchar, "%04d", strlen(emu->macro->actions[i]->value)); data/tilem-2.0/gui/macro.c:181:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int code = atoi(emu->macro->actions[i]->value); data/tilem-2.0/gui/macro.c:224:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int length = atoi(lengthchar); data/tilem-2.0/gui/macro.c:231:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int code = atoi(codechar); data/tilem-2.0/gui/memmodel.c:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100], *s; data/tilem-2.0/gui/sendfile.c:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *slotlabel[TI81_SLOT_MAX + 1]; data/tilem-2.0/gui/skinops.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[17]; data/tilem-2.0/gui/skinops.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[17]; data/tilem-2.0/gui/skinops.h:111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char calc[9]; data/tilem-2.0/gui/ti81prg.c:191:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->name, p, 8); data/tilem-2.0/gui/ti81prg.c:210:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*prgm)->data, p, info.size); data/tilem-2.0/gui/ti81prg.c:269:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, prgm->data, prgm->info.size); data/tilem-2.0/gui/ti81prg.c:276:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, prgm->info.name, 8); data/tilem-2.0/gui/ti81prg.c:300:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->info.name, buf + 12, 8); data/tilem-2.0/gui/ti81prg.c:332:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "**TI81**\0n", 10); data/tilem-2.0/gui/ti81prg.c:337:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 12, prgm->info.name, 8); data/tilem-2.0/gui/ti81prg.c:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/tilem-2.0/gui/ti81prg.c:365:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "Automatic"); data/tilem-2.0/gui/ti81prg.c:369:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Prgm%c", slot + '0'); data/tilem-2.0/gui/ti81prg.c:371:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Prgm%c", slot + 'A' - 10); data/tilem-2.0/gui/ti81prg.c:373:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "Prgm\316\270"); data/tilem-2.0/gui/ti81prg.c:382:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/tilem-2.0/db/disasm.c:210:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sym->name = tilem_new_atomic(char, strlen(name) + 1); data/tilem-2.0/db/disasm.c:288:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen(buf); data/tilem-2.0/db/listing.c:178:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line->text = tilem_new_atomic(char, strlen(text) + 1); data/tilem-2.0/db/lstfile.c:41:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(text) < width) data/tilem-2.0/db/lstfile.c:109:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = strlen(text); data/tilem-2.0/db/lstfile.c:110:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (width > (int) strlen(text)) { data/tilem-2.0/db/lstfile.c:365:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(buf); data/tilem-2.0/emu/rom.c:36:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/tilem-2.0/emu/rom.c:41:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buf[pos] = fgetc(romfile); data/tilem-2.0/emu/rom.c:47:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buf[pos] = fgetc(romfile); data/tilem-2.0/emu/state.c:190:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:192:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:194:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:204:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:221:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:223:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:225:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:227:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:230:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) == EOF) data/tilem-2.0/emu/state.c:251:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:253:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:256:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:258:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:260:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:262:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:264:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:266:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((c = fgetc(savfile)) != EOF) data/tilem-2.0/emu/state.c:286:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(savfile)) != EOF) { data/tilem-2.0/emu/state.c:616:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b = fgetc(savfile); data/tilem-2.0/emu/state.c:654:6: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b = fgetc(savfile); data/tilem-2.0/gui/config.c:56:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = escaped = g_new(char, strlen(value) * 4 + 1); data/tilem-2.0/gui/filedlg.c:89:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(filenamew, p, BUFFER_SIZE); data/tilem-2.0/gui/filedlg.c:163:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filenamel, p, BUFFER_SIZE); data/tilem-2.0/gui/filedlg.c:509:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(lowercase); data/tilem-2.0/gui/link.c:1221:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (g_pattern_match(pat, strlen(defname_r), defname_r, NULL)) data/tilem-2.0/gui/macro.c:89:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). macro->actions[n] = g_new(char, strlen(value)); /* FIXME : gcc says : "assignment from incompatible pointer type" ??? */ data/tilem-2.0/gui/macro.c:135:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(emu->macro->actions[i]->value); data/tilem-2.0/gui/macro.c:137:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(lengthchar, "%04d", strlen(emu->macro->actions[i]->value)); data/tilem-2.0/gui/macro.c:220:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fp); /* Drop the "="*/ data/tilem-2.0/gui/macro.c:223:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fp); /* Drop the "-"*/ data/tilem-2.0/gui/macro.c:236:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fp); data/tilem-2.0/gui/ti81prg.c:367:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "?"); data/tilem-2.0/gui/ti81prg.c:375:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = tilem_new_atomic(char, strlen(buf) + 1); data/tilem-2.0/gui/ti81prg.c:407:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = tilem_new_atomic(char, strlen(buf) + 1); data/tilem-2.0/gui/tool.c:81:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = g_new(char, strlen(name) + 1); data/tilem-2.0/gui/tool.c:167:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!p || strlen(p) < 4 || strchr(p, '/') || strchr(p, '\\')) data/tilem-2.0/gui/tool.c:368:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). icount = strlen(utf8str); ANALYSIS SUMMARY: Hits = 115 Lines analyzed = 37720 in approximately 0.89 seconds (42461 lines/second) Physical Source Lines of Code (SLOC) = 27147 Hits@level = [0] 175 [1] 47 [2] 59 [3] 1 [4] 8 [5] 0 Hits@level+ = [0+] 290 [1+] 115 [2+] 68 [3+] 9 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 10.6826 [1+] 4.2362 [2+] 2.50488 [3+] 0.331528 [4+] 0.294692 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.