Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tilem-2.0/db/disasm.c
Examining data/tilem-2.0/db/listing.c
Examining data/tilem-2.0/db/lstfile.c
Examining data/tilem-2.0/db/tilemdb.h
Examining data/tilem-2.0/emu/calcs.c
Examining data/tilem-2.0/emu/cert.c
Examining data/tilem-2.0/emu/flash.c
Examining data/tilem-2.0/emu/graycolor.c
Examining data/tilem-2.0/emu/grayimage.c
Examining data/tilem-2.0/emu/graylcd.c
Examining data/tilem-2.0/emu/graylcd.h
Examining data/tilem-2.0/emu/keypad.c
Examining data/tilem-2.0/emu/lcd.c
Examining data/tilem-2.0/emu/link.c
Examining data/tilem-2.0/emu/md5.c
Examining data/tilem-2.0/emu/monolcd.c
Examining data/tilem-2.0/emu/rom.c
Examining data/tilem-2.0/emu/scancodes.h
Examining data/tilem-2.0/emu/state.c
Examining data/tilem-2.0/emu/tilem.h
Examining data/tilem-2.0/emu/tilemint.h
Examining data/tilem-2.0/emu/timers.c
Examining data/tilem-2.0/emu/x1/x1.h
Examining data/tilem-2.0/emu/x1/x1_init.c
Examining data/tilem-2.0/emu/x1/x1_io.c
Examining data/tilem-2.0/emu/x1/x1_memory.c
Examining data/tilem-2.0/emu/x1/x1_subcore.c
Examining data/tilem-2.0/emu/x2/x2.h
Examining data/tilem-2.0/emu/x2/x2_init.c
Examining data/tilem-2.0/emu/x2/x2_io.c
Examining data/tilem-2.0/emu/x2/x2_memory.c
Examining data/tilem-2.0/emu/x2/x2_subcore.c
Examining data/tilem-2.0/emu/x3/x3.h
Examining data/tilem-2.0/emu/x3/x3_init.c
Examining data/tilem-2.0/emu/x3/x3_io.c
Examining data/tilem-2.0/emu/x3/x3_memory.c
Examining data/tilem-2.0/emu/x3/x3_subcore.c
Examining data/tilem-2.0/emu/x4/x4.h
Examining data/tilem-2.0/emu/x4/x4_init.c
Examining data/tilem-2.0/emu/x4/x4_io.c
Examining data/tilem-2.0/emu/x4/x4_memory.c
Examining data/tilem-2.0/emu/x4/x4_subcore.c
Examining data/tilem-2.0/emu/x5/x5.h
Examining data/tilem-2.0/emu/x5/x5_init.c
Examining data/tilem-2.0/emu/x5/x5_io.c
Examining data/tilem-2.0/emu/x5/x5_memory.c
Examining data/tilem-2.0/emu/x5/x5_subcore.c
Examining data/tilem-2.0/emu/x6/x6.h
Examining data/tilem-2.0/emu/x6/x6_init.c
Examining data/tilem-2.0/emu/x6/x6_io.c
Examining data/tilem-2.0/emu/x6/x6_memory.c
Examining data/tilem-2.0/emu/x6/x6_subcore.c
Examining data/tilem-2.0/emu/x7/x7.h
Examining data/tilem-2.0/emu/x7/x7_init.c
Examining data/tilem-2.0/emu/x7/x7_io.c
Examining data/tilem-2.0/emu/x7/x7_memory.c
Examining data/tilem-2.0/emu/x7/x7_subcore.c
Examining data/tilem-2.0/emu/xn/xn.h
Examining data/tilem-2.0/emu/xn/xn_init.c
Examining data/tilem-2.0/emu/xn/xn_io.c
Examining data/tilem-2.0/emu/xn/xn_memory.c
Examining data/tilem-2.0/emu/xn/xn_subcore.c
Examining data/tilem-2.0/emu/xp/xp.h
Examining data/tilem-2.0/emu/xp/xp_init.c
Examining data/tilem-2.0/emu/xp/xp_io.c
Examining data/tilem-2.0/emu/xp/xp_memory.c
Examining data/tilem-2.0/emu/xp/xp_subcore.c
Examining data/tilem-2.0/emu/xs/xs.h
Examining data/tilem-2.0/emu/xs/xs_init.c
Examining data/tilem-2.0/emu/xs/xs_io.c
Examining data/tilem-2.0/emu/xs/xs_memory.c
Examining data/tilem-2.0/emu/xs/xs_subcore.c
Examining data/tilem-2.0/emu/xz/xz.h
Examining data/tilem-2.0/emu/xz/xz_init.c
Examining data/tilem-2.0/emu/xz/xz_io.c
Examining data/tilem-2.0/emu/xz/xz_memory.c
Examining data/tilem-2.0/emu/xz/xz_subcore.c
Examining data/tilem-2.0/emu/z80.c
Examining data/tilem-2.0/emu/z80.h
Examining data/tilem-2.0/emu/z80cb.h
Examining data/tilem-2.0/emu/z80cmds.h
Examining data/tilem-2.0/emu/z80ddfd.h
Examining data/tilem-2.0/emu/z80ed.h
Examining data/tilem-2.0/emu/z80main.h
Examining data/tilem-2.0/gui/address.c
Examining data/tilem-2.0/gui/animatedgif.c
Examining data/tilem-2.0/gui/animation.c
Examining data/tilem-2.0/gui/animation.h
Examining data/tilem-2.0/gui/breakpoints.c
Examining data/tilem-2.0/gui/charmap.c
Examining data/tilem-2.0/gui/charmap.h
Examining data/tilem-2.0/gui/config.c
Examining data/tilem-2.0/gui/debugger.c
Examining data/tilem-2.0/gui/debugger.h
Examining data/tilem-2.0/gui/disasmview.c
Examining data/tilem-2.0/gui/disasmview.h
Examining data/tilem-2.0/gui/emucore.c
Examining data/tilem-2.0/gui/emucore.h
Examining data/tilem-2.0/gui/emulator.c
Examining data/tilem-2.0/gui/emulator.h
Examining data/tilem-2.0/gui/emuwin.c
Examining data/tilem-2.0/gui/emuwin.h
Examining data/tilem-2.0/gui/event.c
Examining data/tilem-2.0/gui/filedlg.c
Examining data/tilem-2.0/gui/filedlg.h
Examining data/tilem-2.0/gui/files.c
Examining data/tilem-2.0/gui/files.h
Examining data/tilem-2.0/gui/fixedtreeview.c
Examining data/tilem-2.0/gui/fixedtreeview.h
Examining data/tilem-2.0/gui/gifencod.c
Examining data/tilem-2.0/gui/gifencod.h
Examining data/tilem-2.0/gui/gtk-compat.h
Examining data/tilem-2.0/gui/gui.h
Examining data/tilem-2.0/gui/icons.c
Examining data/tilem-2.0/gui/icons.h
Examining data/tilem-2.0/gui/keybindings.c
Examining data/tilem-2.0/gui/keypaddlg.c
Examining data/tilem-2.0/gui/link.c
Examining data/tilem-2.0/gui/macro.c
Examining data/tilem-2.0/gui/memmodel.c
Examining data/tilem-2.0/gui/memmodel.h
Examining data/tilem-2.0/gui/memory.c
Examining data/tilem-2.0/gui/memview.c
Examining data/tilem-2.0/gui/menu.c
Examining data/tilem-2.0/gui/msgbox.h
Examining data/tilem-2.0/gui/pbar.c
Examining data/tilem-2.0/gui/preferences.c
Examining data/tilem-2.0/gui/rcvmenu.c
Examining data/tilem-2.0/gui/screenshot.c
Examining data/tilem-2.0/gui/sendfile.c
Examining data/tilem-2.0/gui/skinops.c
Examining data/tilem-2.0/gui/skinops.h
Examining data/tilem-2.0/gui/ti81prg.c
Examining data/tilem-2.0/gui/ti81prg.h
Examining data/tilem-2.0/gui/tilem2.c
Examining data/tilem-2.0/gui/tool.c
FINAL RESULTS:
data/tilem-2.0/db/disasm.c:211:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sym->name, name);
data/tilem-2.0/db/disasm.c:789:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(*buf, *bsize, fmt, ap);
data/tilem-2.0/db/listing.c:179:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line->text, text);
data/tilem-2.0/gui/memory.c:78:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/tilem-2.0/gui/memory.c:88:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/tilem-2.0/gui/memory.c:98:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/tilem-2.0/gui/ti81prg.c:376:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, buf);
data/tilem-2.0/gui/ti81prg.c:408:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, buf);
data/tilem-2.0/gui/memmodel.c:418:14: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
mm->stamp = g_random_int();
data/tilem-2.0/db/disasm.c:163:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(syms, stab->syms,
data/tilem-2.0/db/disasm.c:166:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(syms + start + 1, stab->syms + start,
data/tilem-2.0/db/disasm.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tilem-2.0/db/lstfile.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tilem-2.0/emu/calcs.c:132:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newcalc, calc, sizeof(TilemCalc));
data/tilem-2.0/emu/calcs.c:139:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newcalc->hwregs, calc->hwregs, calc->hw.nhwregs * sizeof(dword));
data/tilem-2.0/emu/calcs.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newcalc->z80.timers, calc->z80.timers,
data/tilem-2.0/emu/calcs.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newcalc->z80.breakpoints, calc->z80.breakpoints,
data/tilem-2.0/emu/calcs.c:171:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newcalc->mem, calc->mem, msize * sizeof(byte));
data/tilem-2.0/emu/graylcd.c:259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(basepix, pix, (glcd->height * glcd->bwidth * 8
data/tilem-2.0/emu/rom.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/tilem-2.0/gui/animatedgif.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char footer_trailer[1] = { 0x3b};
data/tilem-2.0/gui/animatedgif.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension_block_header[2] = {0x21, 0xf9};
data/tilem-2.0/gui/animatedgif.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension_block_size[1] = { 0x04} ;
data/tilem-2.0/gui/animatedgif.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension_block_flag[1] = { 0x00} ;
data/tilem-2.0/gui/animatedgif.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension_block_delay[2] = {10, 0} ;
data/tilem-2.0/gui/animatedgif.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension_block_transparent_index[1] = {0xff};
data/tilem-2.0/gui/animatedgif.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extension_block_terminator[1] = {0x00};
data/tilem-2.0/gui/animatedgif.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char image_block_end[1] = {0x00};
data/tilem-2.0/gui/animation.c:448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frm->data, buf->data, anim->frame_size);
data/tilem-2.0/gui/breakpoints.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/tilem-2.0/gui/breakpoints.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[5], sbuf[10], ebuf[10];
data/tilem-2.0/gui/charmap.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/tilem-2.0/gui/debugger.c:1058:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/tilem-2.0/gui/debugger.c:1101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_offset[10];
data/tilem-2.0/gui/debugger.c:1102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_value[10];
data/tilem-2.0/gui/disasmview.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500], *p;
data/tilem-2.0/gui/emulator.c:723:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q + nkeys, emu->key_queue, emu->key_queue_len);
data/tilem-2.0/gui/filedlg.c:63:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filenamew[BUFFER_SIZE + 1];
data/tilem-2.0/gui/filedlg.c:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filenamel[BUFFER_SIZE + 1];
data/tilem-2.0/gui/filedlg.c:399:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dirnamew[MAX_PATH + 1];
data/tilem-2.0/gui/filedlg.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirnamel[MAX_PATH + 1];
data/tilem-2.0/gui/files.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[10];
data/tilem-2.0/gui/files.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpath[MAX_PATH+1];
data/tilem-2.0/gui/files.c:66:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wpath[MAX_PATH+1];
data/tilem-2.0/gui/keypaddlg.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/tilem-2.0/gui/link.c:439:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, data + i, length > 8 ? 8 : length);
data/tilem-2.0/gui/macro.c:137:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lengthchar, "%04d", strlen(emu->macro->actions[i]->value));
data/tilem-2.0/gui/macro.c:181:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int code = atoi(emu->macro->actions[i]->value);
data/tilem-2.0/gui/macro.c:224:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int length = atoi(lengthchar);
data/tilem-2.0/gui/macro.c:231:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int code = atoi(codechar);
data/tilem-2.0/gui/memmodel.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *s;
data/tilem-2.0/gui/sendfile.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *slotlabel[TI81_SLOT_MAX + 1];
data/tilem-2.0/gui/skinops.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[17];
data/tilem-2.0/gui/skinops.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[17];
data/tilem-2.0/gui/skinops.h:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calc[9];
data/tilem-2.0/gui/ti81prg.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->name, p, 8);
data/tilem-2.0/gui/ti81prg.c:210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*prgm)->data, p, info.size);
data/tilem-2.0/gui/ti81prg.c:269:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, prgm->data, prgm->info.size);
data/tilem-2.0/gui/ti81prg.c:276:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, prgm->info.name, 8);
data/tilem-2.0/gui/ti81prg.c:300:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->info.name, buf + 12, 8);
data/tilem-2.0/gui/ti81prg.c:332:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, "**TI81**\0n", 10);
data/tilem-2.0/gui/ti81prg.c:337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 12, prgm->info.name, 8);
data/tilem-2.0/gui/ti81prg.c:361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/tilem-2.0/gui/ti81prg.c:365:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Automatic");
data/tilem-2.0/gui/ti81prg.c:369:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Prgm%c", slot + '0');
data/tilem-2.0/gui/ti81prg.c:371:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Prgm%c", slot + 'A' - 10);
data/tilem-2.0/gui/ti81prg.c:373:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Prgm\316\270");
data/tilem-2.0/gui/ti81prg.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/tilem-2.0/db/disasm.c:210:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sym->name = tilem_new_atomic(char, strlen(name) + 1);
data/tilem-2.0/db/disasm.c:288:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf);
data/tilem-2.0/db/listing.c:178:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line->text = tilem_new_atomic(char, strlen(text) + 1);
data/tilem-2.0/db/lstfile.c:41:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(text) < width)
data/tilem-2.0/db/lstfile.c:109:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(text);
data/tilem-2.0/db/lstfile.c:110:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (width > (int) strlen(text)) {
data/tilem-2.0/db/lstfile.c:365:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf);
data/tilem-2.0/emu/rom.c:36:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tilem-2.0/emu/rom.c:41:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buf[pos] = fgetc(romfile);
data/tilem-2.0/emu/rom.c:47:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buf[pos] = fgetc(romfile);
data/tilem-2.0/emu/state.c:190:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:192:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:194:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:204:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:221:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:223:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:225:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:227:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:230:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) == EOF)
data/tilem-2.0/emu/state.c:251:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:253:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:256:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:258:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:260:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:262:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:264:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:266:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(savfile)) != EOF)
data/tilem-2.0/emu/state.c:286:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(savfile)) != EOF) {
data/tilem-2.0/emu/state.c:616:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = fgetc(savfile);
data/tilem-2.0/emu/state.c:654:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = fgetc(savfile);
data/tilem-2.0/gui/config.c:56:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = escaped = g_new(char, strlen(value) * 4 + 1);
data/tilem-2.0/gui/filedlg.c:89:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(filenamew, p, BUFFER_SIZE);
data/tilem-2.0/gui/filedlg.c:163:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filenamel, p, BUFFER_SIZE);
data/tilem-2.0/gui/filedlg.c:509:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(lowercase);
data/tilem-2.0/gui/link.c:1221:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (g_pattern_match(pat, strlen(defname_r), defname_r, NULL))
data/tilem-2.0/gui/macro.c:89:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macro->actions[n] = g_new(char, strlen(value)); /* FIXME : gcc says : "assignment from incompatible pointer type" ??? */
data/tilem-2.0/gui/macro.c:135:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(emu->macro->actions[i]->value);
data/tilem-2.0/gui/macro.c:137:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(lengthchar, "%04d", strlen(emu->macro->actions[i]->value));
data/tilem-2.0/gui/macro.c:220:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp); /* Drop the "="*/
data/tilem-2.0/gui/macro.c:223:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp); /* Drop the "-"*/
data/tilem-2.0/gui/macro.c:236:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/tilem-2.0/gui/ti81prg.c:367:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "?");
data/tilem-2.0/gui/ti81prg.c:375:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = tilem_new_atomic(char, strlen(buf) + 1);
data/tilem-2.0/gui/ti81prg.c:407:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = tilem_new_atomic(char, strlen(buf) + 1);
data/tilem-2.0/gui/tool.c:81:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = g_new(char, strlen(name) + 1);
data/tilem-2.0/gui/tool.c:167:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!p || strlen(p) < 4 || strchr(p, '/') || strchr(p, '\\'))
data/tilem-2.0/gui/tool.c:368:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
icount = strlen(utf8str);
ANALYSIS SUMMARY:
Hits = 115
Lines analyzed = 37720 in approximately 0.89 seconds (42461 lines/second)
Physical Source Lines of Code (SLOC) = 27147
Hits@level = [0] 175 [1] 47 [2] 59 [3] 1 [4] 8 [5] 0
Hits@level+ = [0+] 290 [1+] 115 [2+] 68 [3+] 9 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 10.6826 [1+] 4.2362 [2+] 2.50488 [3+] 0.331528 [4+] 0.294692 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.