Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/utox-0.17.2/langs/bg.h
Examining data/utox-0.17.2/langs/br.h
Examining data/utox-0.17.2/langs/cn.h
Examining data/utox-0.17.2/langs/cs.h
Examining data/utox-0.17.2/langs/de.h
Examining data/utox-0.17.2/langs/dk.h
Examining data/utox-0.17.2/langs/en.h
Examining data/utox-0.17.2/langs/eo.h
Examining data/utox-0.17.2/langs/es.h
Examining data/utox-0.17.2/langs/et.h
Examining data/utox-0.17.2/langs/fr.h
Examining data/utox-0.17.2/langs/hi.h
Examining data/utox-0.17.2/langs/hr.h
Examining data/utox-0.17.2/langs/hu.h
Examining data/utox-0.17.2/langs/i18n_decls.h
Examining data/utox-0.17.2/langs/it.h
Examining data/utox-0.17.2/langs/ja.h
Examining data/utox-0.17.2/langs/lv.h
Examining data/utox-0.17.2/langs/nl.h
Examining data/utox-0.17.2/langs/no.h
Examining data/utox-0.17.2/langs/pl.h
Examining data/utox-0.17.2/langs/pt.h
Examining data/utox-0.17.2/langs/ro.h
Examining data/utox-0.17.2/langs/ru.h
Examining data/utox-0.17.2/langs/sv.h
Examining data/utox-0.17.2/langs/tr.h
Examining data/utox-0.17.2/langs/tw.h
Examining data/utox-0.17.2/langs/uk.h
Examining data/utox-0.17.2/src/android/audio.c
Examining data/utox-0.17.2/src/android/freetype.c
Examining data/utox-0.17.2/src/android/freetype.h
Examining data/utox-0.17.2/src/android/gl.c
Examining data/utox-0.17.2/src/android/gl.h
Examining data/utox-0.17.2/src/android/logging.h
Examining data/utox-0.17.2/src/android/main.c
Examining data/utox-0.17.2/src/android/main.h
Examining data/utox-0.17.2/src/android/window.c
Examining data/utox-0.17.2/src/av/audio.c
Examining data/utox-0.17.2/src/av/audio.h
Examining data/utox-0.17.2/src/av/filter_audio.c
Examining data/utox-0.17.2/src/av/filter_audio.h
Examining data/utox-0.17.2/src/av/utox_av.c
Examining data/utox-0.17.2/src/av/utox_av.h
Examining data/utox-0.17.2/src/av/video.c
Examining data/utox-0.17.2/src/av/video.h
Examining data/utox-0.17.2/src/avatar.c
Examining data/utox-0.17.2/src/avatar.h
Examining data/utox-0.17.2/src/branding.h
Examining data/utox-0.17.2/src/chatlog.c
Examining data/utox-0.17.2/src/chatlog.h
Examining data/utox-0.17.2/src/chrono.c
Examining data/utox-0.17.2/src/chrono.h
Examining data/utox-0.17.2/src/cocoa/cursor.h
Examining data/utox-0.17.2/src/cocoa/main.h
Examining data/utox-0.17.2/src/cocoa/objc_main.h
Examining data/utox-0.17.2/src/cocoa/window.c
Examining data/utox-0.17.2/src/command_funcs.c
Examining data/utox-0.17.2/src/command_funcs.h
Examining data/utox-0.17.2/src/commands.c
Examining data/utox-0.17.2/src/commands.h
Examining data/utox-0.17.2/src/debug.h
Examining data/utox-0.17.2/src/devices.c
Examining data/utox-0.17.2/src/devices.h
Examining data/utox-0.17.2/src/file_transfers.c
Examining data/utox-0.17.2/src/file_transfers.h
Examining data/utox-0.17.2/src/filesys.c
Examining data/utox-0.17.2/src/filesys.h
Examining data/utox-0.17.2/src/flist.c
Examining data/utox-0.17.2/src/flist.h
Examining data/utox-0.17.2/src/friend.c
Examining data/utox-0.17.2/src/friend.h
Examining data/utox-0.17.2/src/groups.c
Examining data/utox-0.17.2/src/groups.h
Examining data/utox-0.17.2/src/inline_video.c
Examining data/utox-0.17.2/src/inline_video.h
Examining data/utox-0.17.2/src/layout/background.c
Examining data/utox-0.17.2/src/layout/background.h
Examining data/utox-0.17.2/src/layout/create.h
Examining data/utox-0.17.2/src/layout/friend.c
Examining data/utox-0.17.2/src/layout/friend.h
Examining data/utox-0.17.2/src/layout/group.c
Examining data/utox-0.17.2/src/layout/group.h
Examining data/utox-0.17.2/src/layout/notify.c
Examining data/utox-0.17.2/src/layout/notify.h
Examining data/utox-0.17.2/src/layout/settings.c
Examining data/utox-0.17.2/src/layout/settings.h
Examining data/utox-0.17.2/src/layout/sidebar.c
Examining data/utox-0.17.2/src/layout/sidebar.h
Examining data/utox-0.17.2/src/layout/tray.c
Examining data/utox-0.17.2/src/layout/tray.h
Examining data/utox-0.17.2/src/layout/userbadge.c
Examining data/utox-0.17.2/src/layout/userbadge.h
Examining data/utox-0.17.2/src/logging.c
Examining data/utox-0.17.2/src/macros.h
Examining data/utox-0.17.2/src/main.c
Examining data/utox-0.17.2/src/main.h
Examining data/utox-0.17.2/src/messages.c
Examining data/utox-0.17.2/src/messages.h
Examining data/utox-0.17.2/src/native/android/image.h
Examining data/utox-0.17.2/src/native/android/keycodes.h
Examining data/utox-0.17.2/src/native/audio.h
Examining data/utox-0.17.2/src/native/clipboard.h
Examining data/utox-0.17.2/src/native/cocoa/keycodes.h
Examining data/utox-0.17.2/src/native/dialog.h
Examining data/utox-0.17.2/src/native/filesys.h
Examining data/utox-0.17.2/src/native/image.h
Examining data/utox-0.17.2/src/native/keyboard.h
Examining data/utox-0.17.2/src/native/main.h
Examining data/utox-0.17.2/src/native/notify.h
Examining data/utox-0.17.2/src/native/os.h
Examining data/utox-0.17.2/src/native/thread.h
Examining data/utox-0.17.2/src/native/time.h
Examining data/utox-0.17.2/src/native/ui.h
Examining data/utox-0.17.2/src/native/video.h
Examining data/utox-0.17.2/src/native/win/image.h
Examining data/utox-0.17.2/src/native/win/keycodes.h
Examining data/utox-0.17.2/src/native/window.h
Examining data/utox-0.17.2/src/native/xlib/image.h
Examining data/utox-0.17.2/src/native/xlib/keycodes.h
Examining data/utox-0.17.2/src/notify.c
Examining data/utox-0.17.2/src/notify.h
Examining data/utox-0.17.2/src/posix/filesys.c
Examining data/utox-0.17.2/src/qr.c
Examining data/utox-0.17.2/src/qr.h
Examining data/utox-0.17.2/src/screen_grab.c
Examining data/utox-0.17.2/src/screen_grab.h
Examining data/utox-0.17.2/src/self.c
Examining data/utox-0.17.2/src/self.h
Examining data/utox-0.17.2/src/settings.c
Examining data/utox-0.17.2/src/settings.h
Examining data/utox-0.17.2/src/shared/freetype-text.c
Examining data/utox-0.17.2/src/sized_string.h
Examining data/utox-0.17.2/src/stb.c
Examining data/utox-0.17.2/src/text.c
Examining data/utox-0.17.2/src/text.h
Examining data/utox-0.17.2/src/theme.c
Examining data/utox-0.17.2/src/theme.h
Examining data/utox-0.17.2/src/theme_tables.c
Examining data/utox-0.17.2/src/theme_tables.h
Examining data/utox-0.17.2/src/tox.c
Examining data/utox-0.17.2/src/tox.h
Examining data/utox-0.17.2/src/tox_bootstrap.h
Examining data/utox-0.17.2/src/tox_callbacks.c
Examining data/utox-0.17.2/src/tox_callbacks.h
Examining data/utox-0.17.2/src/ui.c
Examining data/utox-0.17.2/src/ui.h
Examining data/utox-0.17.2/src/ui/button.c
Examining data/utox-0.17.2/src/ui/button.h
Examining data/utox-0.17.2/src/ui/contextmenu.c
Examining data/utox-0.17.2/src/ui/contextmenu.h
Examining data/utox-0.17.2/src/ui/draw.c
Examining data/utox-0.17.2/src/ui/draw.h
Examining data/utox-0.17.2/src/ui/dropdown.c
Examining data/utox-0.17.2/src/ui/dropdown.h
Examining data/utox-0.17.2/src/ui/edit.c
Examining data/utox-0.17.2/src/ui/edit.h
Examining data/utox-0.17.2/src/ui/panel.h
Examining data/utox-0.17.2/src/ui/scrollable.c
Examining data/utox-0.17.2/src/ui/scrollable.h
Examining data/utox-0.17.2/src/ui/svg.c
Examining data/utox-0.17.2/src/ui/svg.h
Examining data/utox-0.17.2/src/ui/switch.c
Examining data/utox-0.17.2/src/ui/switch.h
Examining data/utox-0.17.2/src/ui/text.c
Examining data/utox-0.17.2/src/ui/text.h
Examining data/utox-0.17.2/src/ui/tooltip.c
Examining data/utox-0.17.2/src/ui/tooltip.h
Examining data/utox-0.17.2/src/ui_i18n.c
Examining data/utox-0.17.2/src/ui_i18n.h
Examining data/utox-0.17.2/src/utox.c
Examining data/utox-0.17.2/src/utox.h
Examining data/utox-0.17.2/src/window.c
Examining data/utox-0.17.2/src/window.h
Examining data/utox-0.17.2/src/windows/audio.c
Examining data/utox-0.17.2/src/windows/dnd.c
Examining data/utox-0.17.2/src/windows/drawing.c
Examining data/utox-0.17.2/src/windows/events.c
Examining data/utox-0.17.2/src/windows/events.h
Examining data/utox-0.17.2/src/windows/filesys.c
Examining data/utox-0.17.2/src/windows/main.7.c
Examining data/utox-0.17.2/src/windows/main.c
Examining data/utox-0.17.2/src/windows/main.h
Examining data/utox-0.17.2/src/windows/notify.c
Examining data/utox-0.17.2/src/windows/notify.h
Examining data/utox-0.17.2/src/windows/os_video.c
Examining data/utox-0.17.2/src/windows/screen_grab.c
Examining data/utox-0.17.2/src/windows/screen_grab.h
Examining data/utox-0.17.2/src/windows/utf8.c
Examining data/utox-0.17.2/src/windows/utf8.h
Examining data/utox-0.17.2/src/windows/video.c
Examining data/utox-0.17.2/src/windows/window.c
Examining data/utox-0.17.2/src/windows/window.h
Examining data/utox-0.17.2/src/xlib/audio.c
Examining data/utox-0.17.2/src/xlib/dbus.c
Examining data/utox-0.17.2/src/xlib/dbus.h
Examining data/utox-0.17.2/src/xlib/drawing.c
Examining data/utox-0.17.2/src/xlib/event.c
Examining data/utox-0.17.2/src/xlib/filesys.c
Examining data/utox-0.17.2/src/xlib/freetype.c
Examining data/utox-0.17.2/src/xlib/freetype.h
Examining data/utox-0.17.2/src/xlib/gtk.c
Examining data/utox-0.17.2/src/xlib/gtk.h
Examining data/utox-0.17.2/src/xlib/keysym2ucs.h
Examining data/utox-0.17.2/src/xlib/main.c
Examining data/utox-0.17.2/src/xlib/main.h
Examining data/utox-0.17.2/src/xlib/mmenu.c
Examining data/utox-0.17.2/src/xlib/mmenu.h
Examining data/utox-0.17.2/src/xlib/screen_grab.c
Examining data/utox-0.17.2/src/xlib/screen_grab.h
Examining data/utox-0.17.2/src/xlib/tray.h
Examining data/utox-0.17.2/src/xlib/v4l.c
Examining data/utox-0.17.2/src/xlib/video.c
Examining data/utox-0.17.2/src/xlib/window.c
Examining data/utox-0.17.2/src/xlib/window.h
Examining data/utox-0.17.2/src/xlib/tray.c
Examining data/utox-0.17.2/src/stb.h
Examining data/utox-0.17.2/tests/mock/mock_filesys.c
Examining data/utox-0.17.2/tests/mock/mock_logging.c
Examining data/utox-0.17.2/tests/mock/mock_settings.c
Examining data/utox-0.17.2/tests/mock/mock_system_calls.c
Examining data/utox-0.17.2/tests/mock/mock_threads.c
Examining data/utox-0.17.2/tests/test.h
Examining data/utox-0.17.2/tests/test_chatlog.c
Examining data/utox-0.17.2/tests/test_chrono.c
FINAL RESULTS:
data/utox-0.17.2/src/xlib/main.c:566:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod((char *)file, S_IRUSR | S_IWUSR);
data/utox-0.17.2/src/android/main.c:184:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path, UTOX_FILE_NAME_LENGTH, ANDROID_INTERNAL_SAVE);
data/utox-0.17.2/src/android/main.c:263:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((char *)path, UTOX_FILE_NAME_LENGTH, ANDROID_INTERNAL_SAVE);
data/utox-0.17.2/src/friend.c:587:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(title, sizeof(title), S(STATUS_MESSAGE),
data/utox-0.17.2/src/logging.c:22:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(settings.debug_file, fmt, list);
data/utox-0.17.2/src/settings.c:245:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)config->proxy_ip, value);
data/utox-0.17.2/src/settings.c:461:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)proxy_address, (char *)save->proxy_ip);
data/utox-0.17.2/src/settings.c:466:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)edit_proxy_ip.data, (char *)save->proxy_ip);
data/utox-0.17.2/src/windows/filesys.c:22:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, portable_mode_save_path);
data/utox-0.17.2/src/windows/filesys.c:26:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, portable_mode_save_path);
data/utox-0.17.2/src/windows/filesys.c:106:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, portable_mode_save_path);
data/utox-0.17.2/src/windows/filesys.c:110:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, portable_mode_save_path);
data/utox-0.17.2/src/windows/filesys.c:142:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path + strlen(path), strlen(tmp_path) - strlen(folder_divider), tmp_path);
data/utox-0.17.2/src/windows/filesys.c:200:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)path, (char *)filepath);
data/utox-0.17.2/src/windows/filesys.c:236:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, portable_mode_save_path);
data/utox-0.17.2/src/windows/filesys.c:246:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, portable_mode_save_path);
data/utox-0.17.2/src/windows/main.7.c:110:5: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(subpath, UTOX_FILE_NAME_LENGTH, L"%ls%ls", autoaccept_folder, L"\\Tox_Auto_Accept");
data/utox-0.17.2/src/windows/main.7.c:129:5: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(fullpath, UTOX_FILE_NAME_LENGTH, L"%ls\\%ls", subpath, filename);
data/utox-0.17.2/src/windows/main.c:813:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(portable_mode_save_path, utox_folder);
data/utox-0.17.2/src/windows/main.c:818:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(instance_id, TITLE);
data/utox-0.17.2/src/windows/window.c:77:5: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(title, 128, L"%S", S(WINDOW_TITLE_VIDEO_PREVIEW));
data/utox-0.17.2/src/xlib/main.c:245:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(cmd, cmd, str, (char *)0);
data/utox-0.17.2/src/xlib/mmenu.c:95:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
void mm_save_cid() { strcpy((char *)f_id_data_on_minimize, (char *)f_id_data); }
data/utox-0.17.2/src/xlib/mmenu.c:100:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)f_id_data, (char *)f_id_data_on_minimize);
data/utox-0.17.2/src/xlib/tray.c:102:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(icon_paths[i], R_OK) != -1) {
data/utox-0.17.2/tests/mock/mock_logging.c:10:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, list);
data/utox-0.17.2/src/main.c:131:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "t:ps:u:nvh", long_options, &long_index)) != -1) {
data/utox-0.17.2/src/posix/filesys.c:52:66: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf(path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/", getenv("HOME"));
data/utox-0.17.2/src/posix/filesys.c:123:74: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf((char *)path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/", getenv("HOME"));
data/utox-0.17.2/src/tox.c:1076:13: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(pkey_to_number);
data/utox-0.17.2/src/tox_callbacks.c:277:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(pkey_to_number);
data/utox-0.17.2/src/xlib/filesys.c:30:66: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf(path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/", getenv("HOME"));
data/utox-0.17.2/src/xlib/filesys.c:80:74: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf((char *)path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/", getenv("HOME"));
data/utox-0.17.2/src/xlib/filesys.c:157:74: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf((char *)path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/", getenv("HOME"));
data/utox-0.17.2/src/xlib/main.c:104:69: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf(path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/ppt-kbd", getenv("HOME")); // TODO DRY
data/utox-0.17.2/src/xlib/mmenu.c:20:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (strcmp(getenv("XDG_CURRENT_DESKTOP"), "Unity") == 0) {
data/utox-0.17.2/tests/mock/mock_filesys.c:15:74: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf((char *)path, UTOX_FILE_NAME_LENGTH, "%s/.config/tox/", getenv("HOME"));
data/utox-0.17.2/tests/test_chrono.c:88:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int) time(NULL));
data/utox-0.17.2/src/android/audio.c:116:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->buf[p->value * 960 * channels], data, 960 * 2 * channels);
data/utox-0.17.2/src/android/audio.c:195:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame, buf, 960 * 2);
data/utox-0.17.2/src/android/audio.c:334:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, frame, 960 * 2);
data/utox-0.17.2/src/android/main.c:51:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *internalPath[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/android/main.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[4] = { 0 };
data/utox-0.17.2/src/android/main.c:168:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, mode);
data/utox-0.17.2/src/android/main.c:174:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(path, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/utox-0.17.2/src/av/audio.c:857:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(preview_buffer + preview_buffer_index, buf, perframe * sizeof(int16_t));
data/utox-0.17.2/src/av/utox_av.c:148:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notice_msg[64];
data/utox-0.17.2/src/avatar.c:23:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool avatar_save(char hexid[TOX_PUBLIC_KEY_SIZE * 2], const uint8_t *data, size_t length) {
data/utox-0.17.2/src/avatar.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof("avatars/") + TOX_PUBLIC_KEY_SIZE * 2 + sizeof(".png")] = { 0 };
data/utox-0.17.2/src/avatar.c:42:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static uint8_t *load_img_data(char hexid[TOX_PUBLIC_KEY_SIZE * 2], size_t *out_size) {
data/utox-0.17.2/src/avatar.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof("avatars/") + TOX_PUBLIC_KEY_SIZE * 2 + sizeof(".png")] = { 0 };
data/utox-0.17.2/src/avatar.c:76:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool avatar_delete(char hexid[TOX_PUBLIC_KEY_SIZE * 2]) {
data/utox-0.17.2/src/avatar.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[sizeof("avatars/") + TOX_PUBLIC_KEY_SIZE * 2 + sizeof(".png")] = { 0 };
data/utox-0.17.2/src/avatar.c:85:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool avatar_load(char hexid[TOX_PUBLIC_KEY_SIZE * 2], AVATAR *avatar, size_t *size_out) {
data/utox-0.17.2/src/avatar.c:169:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool avatar_init(char hexid[TOX_PUBLIC_KEY_SIZE * 2], AVATAR *avatar) {
data/utox-0.17.2/src/avatar.h:39:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool avatar_init(char hexid[TOX_PUBLIC_KEY_SIZE * 2], AVATAR *avatar);
data/utox-0.17.2/src/avatar.h:97:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool avatar_save(char hexid[TOX_PUBLIC_KEY_SIZE * 2], const uint8_t *data, size_t length);
data/utox-0.17.2/src/avatar.h:104:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool avatar_delete(char hexid[TOX_PUBLIC_KEY_SIZE * 2]);
data/utox-0.17.2/src/chatlog.c:14:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static FILE* chatlog_get_file(char hex[TOX_PUBLIC_KEY_SIZE * 2], bool append) {
data/utox-0.17.2/src/chatlog.c:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_PUBLIC_KEY_SIZE * 2 + sizeof(".new.txt")];
data/utox-0.17.2/src/chatlog.c:33:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
size_t utox_save_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], uint8_t *data, size_t length) {
data/utox-0.17.2/src/chatlog.c:50:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static size_t utox_count_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2]) {
data/utox-0.17.2/src/chatlog.c:86:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MSG_HEADER **utox_load_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], size_t *size, uint32_t count, uint32_t skip) {
data/utox-0.17.2/src/chatlog.c:214:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool utox_update_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], size_t offset, uint8_t *data, size_t length) {
data/utox-0.17.2/src/chatlog.c:234:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool utox_remove_friend_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2]) {
data/utox-0.17.2/src/chatlog.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_PUBLIC_KEY_SIZE * 2 + sizeof(".new.txt")];
data/utox-0.17.2/src/chatlog.c:246:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void utox_export_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], FILE *dest_file) {
data/utox-0.17.2/src/chatlog.c:268:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/utox-0.17.2/src/chatlog.h:38:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
size_t utox_save_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], uint8_t *data, size_t length);
data/utox-0.17.2/src/chatlog.h:41:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MSG_HEADER **utox_load_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], size_t *size, uint32_t count, uint32_t skip);
data/utox-0.17.2/src/chatlog.h:48:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool utox_update_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], size_t offset, uint8_t *data, size_t length);
data/utox-0.17.2/src/chatlog.h:55:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool utox_remove_friend_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2]);
data/utox-0.17.2/src/chatlog.h:65:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void utox_export_chatlog(char hex[TOX_PUBLIC_KEY_SIZE * 2], FILE *dest_file);
data/utox-0.17.2/src/command_funcs.c:31:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, id, TOX_ADDRESS_SIZE);
data/utox-0.17.2/src/command_funcs.c:66:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, arg, arg_length);
data/utox-0.17.2/src/devices.c:90:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, id, TOX_ADDRESS_SIZE);
data/utox-0.17.2/src/devices.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + TOX_ADDRESS_SIZE, name, length * sizeof(uint8_t));
data/utox-0.17.2/src/file_transfers.c:170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[TOX_HASH_LENGTH * 2];
data/utox-0.17.2/src/file_transfers.c:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/file_transfers.c:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/file_transfers.c:250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resume_name[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/file_transfers.c:290:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft, &resume_file, sizeof(FILE_TRANSFER));
data/utox-0.17.2/src/file_transfers.c:544:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, &width, sizeof(uint16_t));
data/utox-0.17.2/src/file_transfers.c:545:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + sizeof(uint16_t), &height, sizeof(uint16_t));
data/utox-0.17.2/src/file_transfers.c:546:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + sizeof(uint16_t) * 2, &native_image, sizeof(NATIVE_IMAGE *));
data/utox-0.17.2/src/file_transfers.c:601:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->via.file = fopen((char *)file->path, "rb+");
data/utox-0.17.2/src/file_transfers.c:605:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/file_transfers.c:926:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen((const char *)ft->path, "rb+");
data/utox-0.17.2/src/file_transfers.c:1011:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft->via.memory + position, data, length);
data/utox-0.17.2/src/file_transfers.c:1013:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft->via.avatar + position, data, length);
data/utox-0.17.2/src/file_transfers.c:1103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft->data_hash, hash, TOX_HASH_LENGTH);
data/utox-0.17.2/src/file_transfers.c:1274:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft->data_hash, hash, TOX_HASH_LENGTH);
data/utox-0.17.2/src/flist.c:213:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_ADDRESS_SIZE * 2];
data/utox-0.17.2/src/flist.c:398:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->typed, edit_chat_msg_friend.data, f->typed_length);
data/utox-0.17.2/src/flist.c:437:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->typed, edit_chat_msg_group.data, g->typed_length);
data/utox-0.17.2/src/flist.c:509:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edit_chat_msg_friend.data, f->typed, f->typed_length);
data/utox-0.17.2/src/flist.c:547:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edit_chat_msg_group.data, g->typed, g->typed_length);
data/utox-0.17.2/src/flist.c:886:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(push_pop.data, &f->id_bin, TOX_PUBLIC_KEY_SIZE);
data/utox-0.17.2/src/flist.c:989:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tox_id, &str[tox_uri_scheme_length], TOX_ADDRESS_SIZE * 2);
data/utox-0.17.2/src/flist.c:998:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tox_id[TOX_ADDRESS_SIZE * 2 + 1];
data/utox-0.17.2/src/flist.c:1205:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[g->name_length + 7];
data/utox-0.17.2/src/flist.c:1206:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "/topic ");
data/utox-0.17.2/src/flist.c:1207:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str + 7, g->name, g->name_length);
data/utox-0.17.2/src/friend.c:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->bin_id, id, TOX_ADDRESS_SIZE);
data/utox-0.17.2/src/friend.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r->msg, msg, length);
data/utox-0.17.2/src/friend.c:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/friend.c:171:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &metadata, sizeof(metadata));
data/utox-0.17.2/src/friend.c:173:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(metadata), f->alias, metadata.alias_length);
data/utox-0.17.2/src/friend.c:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/friend.c:340:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->name, name, length);
data/utox-0.17.2/src/friend.c:388:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->alias, alias, length);
data/utox-0.17.2/src/friend.c:417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[sizeof("uTox new message from ") + UTOX_FRIEND_NAME_LENGTH(f)];
data/utox-0.17.2/src/friend.c:462:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, id, TOX_ADDRESS_SIZE);
data/utox-0.17.2/src/friend.c:463:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + TOX_ADDRESS_SIZE, msg, msg_length);
data/utox-0.17.2/src/friend.c:500:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, id, TOX_PUBLIC_KEY_SIZE);
data/utox-0.17.2/src/friend.c:585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[UTOX_FRIEND_NAME_LENGTH(f) + SLEN(STATUS_MESSAGE) + strlen(state)];
data/utox-0.17.2/src/friend.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_str[TOX_FRIEND_ID_STR_SIZE];
data/utox-0.17.2/src/groups.c:81:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->topic, "Drag friends to invite them", sizeof("Drag friends to invite them") - 1);
data/utox-0.17.2/src/groups.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->via.grp.author, peer->name, peer->name_length);
data/utox-0.17.2/src/groups.c:148:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->via.grp.msg, message, length);
data/utox-0.17.2/src/groups.c:229:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old[TOX_MAX_NAME_LENGTH];
data/utox-0.17.2/src/groups.c:230:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[TOX_MAX_NAME_LENGTH];
data/utox-0.17.2/src/groups.c:232:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old, peer->name, peer->name_length);
data/utox-0.17.2/src/groups.c:244:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->name, name, length);
data/utox-0.17.2/src/groups.c:262:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->name, name, length);
data/utox-0.17.2/src/groups.c:352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[g->name_length + 25];
data/utox-0.17.2/src/groups.h:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/utox-0.17.2/src/groups.h:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topic[256]; /* TODO magic numbers */
data/utox-0.17.2/src/inline_video.c:46:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current_frame.img, img, size);
data/utox-0.17.2/src/layout/friend.c:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[length];
data/utox-0.17.2/src/layout/friend.c:689:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_friend_pubkey_str[TOX_PUBLIC_KEY_SIZE * 2];
data/utox-0.17.2/src/layout/friend.c:720:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_friend_alias_str[128];
data/utox-0.17.2/src/layout/friend.c:742:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_add_new_friend_id_data[TOX_ADDRESS_SIZE * 4];
data/utox-0.17.2/src/layout/friend.c:768:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_add_new_friend_msg_data[1024];
data/utox-0.17.2/src/layout/friend.c:854:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_chat_msg_friend_data[65535];
data/utox-0.17.2/src/layout/group.c:59:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TOX_MAX_NAME_LENGTH];
data/utox-0.17.2/src/layout/group.c:276:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char * dedup[65536]; /* TODO magic numbers */
data/utox-0.17.2/src/layout/group.c:324:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(found_nick, nick, nick_len);
data/utox-0.17.2/src/layout/group.c:363:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text + completion.start, nick, size);
data/utox-0.17.2/src/layout/group.c:380:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick[130];
data/utox-0.17.2/src/layout/group.c:396:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text + 7, g->name, g->name_length);
data/utox-0.17.2/src/layout/group.c:478:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, text, length);
data/utox-0.17.2/src/layout/group.c:492:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nick[130];
data/utox-0.17.2/src/layout/group.c:526:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_chat_msg_group_data[65535];
data/utox-0.17.2/src/layout/group.c:550:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, edit->data, edit->length);
data/utox-0.17.2/src/layout/group.c:554:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_group_topic_data[1024];
data/utox-0.17.2/src/layout/settings.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ver_string[64];
data/utox-0.17.2/src/layout/settings.c:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/utox-0.17.2/src/layout/settings.c:1247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(proxy_address, edit_proxy_ip.data, edit_proxy_ip.length);
data/utox-0.17.2/src/layout/settings.c:1489:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char edit_name_data[128],
data/utox-0.17.2/src/layout/settings.c:1497:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char edit_add_self_device_data[TOX_ADDRESS_SIZE * 4];
data/utox-0.17.2/src/layout/settings.c:1505:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self.name, data, length);
data/utox-0.17.2/src/layout/settings.c:1542:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self.statusmsg, data, length);
data/utox-0.17.2/src/layout/settings.c:1588:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(proxy_address, edit_proxy_ip.data, edit_proxy_ip.length);
data/utox-0.17.2/src/layout/settings.c:1720:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char edit_add_new_device_to_self_data[TOX_ADDRESS_SIZE * 4];
data/utox-0.17.2/src/layout/sidebar.c:170:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(search_data, data, length);
data/utox-0.17.2/src/layout/sidebar.c:204:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char e_search_data[1024];
data/utox-0.17.2/src/macros.h:21:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define strcpy2(x, y) (memcpy(x, y, sizeof(y) - 1))
data/utox-0.17.2/src/main.c:79:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool utox_data_save_ftinfo(char hex[TOX_PUBLIC_KEY_SIZE * 2], uint8_t *data, size_t length) {
data/utox-0.17.2/src/main.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_PUBLIC_KEY_SIZE * 2 + sizeof(".ftinfo")];
data/utox-0.17.2/src/main.c:215:39: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
settings.debug_file = fopen(optarg, "a+");
data/utox-0.17.2/src/messages.c:278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->via.txt.msg, msgtxt, length);
data/utox-0.17.2/src/messages.c:327:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->via.action.msg, msgtxt, length);
data/utox-0.17.2/src/messages.c:365:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->via.notice.msg, msgtxt, length);
data/utox-0.17.2/src/messages.c:431:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->via.ft.name, name, msg->via.ft.name_length);
data/utox-0.17.2/src/messages.c:497:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &header, sizeof(header));
data/utox-0.17.2/src/messages.c:498:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(header), author, author_length);
data/utox-0.17.2/src/messages.c:499:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(header) + author_length, msg->via.txt.msg, msg->via.txt.length);
data/utox-0.17.2/src/messages.c:636:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &header, length);
data/utox-0.17.2/src/messages.c:668:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[9];
data/utox-0.17.2/src/messages.c:839:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ft_text[file->name_length + 128];
data/utox-0.17.2/src/messages.c:936:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed[32] = {0};
data/utox-0.17.2/src/messages.c:1635:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[m->urllen + 1];
data/utox-0.17.2/src/messages.c:1636:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(url, msg->via.txt.msg + m->cursor_over_uri, m->urllen * sizeof(char));
data/utox-0.17.2/src/messages.c:1682:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, msg->via.grp.author, msg->via.grp.author_length);
data/utox-0.17.2/src/messages.c:1693:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, f->name, f->name_length);
data/utox-0.17.2/src/messages.c:1701:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, self.name, self.name_length);
data/utox-0.17.2/src/messages.c:1747:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, length);
data/utox-0.17.2/src/posix/filesys.c:29:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, path, i + 1);
data/utox-0.17.2/src/posix/filesys.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[4] = { 0 };
data/utox-0.17.2/src/posix/filesys.c:104:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, mode);
data/utox-0.17.2/src/posix/filesys.c:110:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(path, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/utox-0.17.2/src/qr.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tox_uri[TOX_ADDRESS_STR_SIZE + sizeof("tox:")];
data/utox-0.17.2/src/self.c:34:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(self.nospam_str, "%08X", self.nospam);
data/utox-0.17.2/src/self.h:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_MAX_NAME_LENGTH];
data/utox-0.17.2/src/self.h:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statusmsg[TOX_MAX_STATUS_MESSAGE_LENGTH];
data/utox-0.17.2/src/self.h:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_str[TOX_ADDRESS_SIZE * 2];
data/utox-0.17.2/src/self.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nospam_str[(sizeof(uint32_t) * 2) + 1];
data/utox-0.17.2/src/settings.c:50:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *config_sections[UNKNOWN_SECTION + 1] = {
data/utox-0.17.2/src/settings.c:156:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->save_version = atoi(value);
data/utox-0.17.2/src/settings.c:158:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->utox_last_version = atoi(value);
data/utox-0.17.2/src/settings.c:168:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->language = atoi(value);
data/utox-0.17.2/src/settings.c:170:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->window_x = atoi(value);
data/utox-0.17.2/src/settings.c:172:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->window_y = atoi(value);
data/utox-0.17.2/src/settings.c:174:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->window_width = atoi(value);
data/utox-0.17.2/src/settings.c:176:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->window_height = atoi(value);
data/utox-0.17.2/src/settings.c:178:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->theme = atoi(value);
data/utox-0.17.2/src/settings.c:180:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->scale = atoi(value);
data/utox-0.17.2/src/settings.c:206:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->audio_device_in = atoi(value);
data/utox-0.17.2/src/settings.c:208:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->audio_device_out = atoi(value);
data/utox-0.17.2/src/settings.c:231:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->group_notifications = atoi(value);
data/utox-0.17.2/src/settings.c:243:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->proxy_port = atoi(value);
data/utox-0.17.2/src/settings.c:572:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(save->proxy_ip, proxy_address, proxy_address_size);
data/utox-0.17.2/src/text.c:236:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + len, str[i] == '>' ? ">" : "<", 4);
data/utox-0.17.2/src/text.c:243:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + len, "&", 5);
data/utox-0.17.2/src/text.c:251:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + len, str + i, r);
data/utox-0.17.2/src/theme.c:703:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[3] = { 0 };
data/utox-0.17.2/src/theme.c:705:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hex, color, 2);
data/utox-0.17.2/src/theme.c:707:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hex, color + 2, 2);
data/utox-0.17.2/src/theme.c:709:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hex, color + 4, 2);
data/utox-0.17.2/src/tox.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proxy_address[256]; /* Magic Number inside toxcore */
data/utox-0.17.2/src/tox.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passphrase, edit_profile_password.data, passphrase_length);
data/utox-0.17.2/src/tox.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(passphrase, edit_profile_password.data, passphrase_length);
data/utox-0.17.2/src/tox.c:637:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(self.nospam_str, "%08X", self.nospam);
data/utox-0.17.2/src/tox.c:742:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex_id[TOX_ADDRESS_SIZE * 2];
data/utox-0.17.2/src/tox.c:761:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex_id[TOX_ADDRESS_SIZE * 2];
data/utox-0.17.2/src/tox.h:127:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char proxy_address[256]; /* Magic Number inside toxcore */
data/utox-0.17.2/src/tox_callbacks.c:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, newname, length);
data/utox-0.17.2/src/tox_callbacks.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, newstatus, length);
data/utox-0.17.2/src/tox_callbacks.c:265:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->name, tmp, len);
data/utox-0.17.2/src/tox_callbacks.c:297:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy_title, title, length);
data/utox-0.17.2/src/tox_callbacks.c:338:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self.name, name, length);
data/utox-0.17.2/src/tox_callbacks.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self.statusmsg, smsg, length);
data/utox-0.17.2/src/ui.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char search_data[1024]; // TODO this is NOT where this belongs
data/utox-0.17.2/src/ui.h:112:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char search_data[1024]; // TODO this is NOT where this belongs
data/utox-0.17.2/src/ui/contextmenu.c:38:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!b->open) {
data/utox-0.17.2/src/ui/contextmenu.c:64:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!b->open) {
data/utox-0.17.2/src/ui/contextmenu.c:102:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!b->open) {
data/utox-0.17.2/src/ui/contextmenu.c:117:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!b->open) {
data/utox-0.17.2/src/ui/contextmenu.c:133:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!b->open) {
data/utox-0.17.2/src/ui/contextmenu.h:11:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open;
data/utox-0.17.2/src/ui/dropdown.c:90:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!d->open) {
data/utox-0.17.2/src/ui/dropdown.c:127:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (d->open) {
data/utox-0.17.2/src/ui/dropdown.c:204:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (d->open) {
data/utox-0.17.2/src/ui/dropdown.h:18:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool mouseover, open, skip_mup;
data/utox-0.17.2/src/ui/edit.c:342:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edit->data + c->start, c->data, c->length);
data/utox-0.17.2/src/ui/edit.c:374:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new->data, edit->data + start, length);
data/utox-0.17.2/src/ui/edit.c:781:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, edit->data + edit_sel.start, edit_sel.length);
data/utox-0.17.2/src/ui/edit.c:819:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + newlen, data + i, len);
data/utox-0.17.2/src/ui/edit.c:837:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, newlen);
data/utox-0.17.2/src/ui/edit.c:895:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edit->data, str, length);
data/utox-0.17.2/src/ui_i18n.c:91:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *posix_locales[NUM_LANGS];
data/utox-0.17.2/src/utox.c:259:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&width, data, sizeof(uint16_t));
data/utox-0.17.2/src/utox.c:260:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&height, (uint8_t *)data + sizeof(uint16_t), sizeof(uint16_t));
data/utox-0.17.2/src/utox.c:261:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&image, (uint8_t *)data + sizeof(uint16_t) * 2, sizeof(uint8_t *));
data/utox-0.17.2/src/utox.c:331:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->ui_data->via.ft.path, file->path, UTOX_FILE_NAME_LENGTH);
data/utox-0.17.2/src/utox.c:502:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->id_bin, data, TOX_PUBLIC_KEY_SIZE);
data/utox-0.17.2/src/utox.c:685:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->name, data, param2);
data/utox-0.17.2/src/windows/dnd.c:102:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msg->file = fopen(path, "rb");
data/utox-0.17.2/src/windows/drawing.c:151:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:158:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:168:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:176:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:184:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:192:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:200:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[length];
data/utox-0.17.2/src/windows/drawing.c:209:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[len];
data/utox-0.17.2/src/windows/drawing.c:221:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t out[len];
data/utox-0.17.2/src/windows/filesys.c:44:23: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static FILE* get_file(wchar_t path[UTOX_FILE_NAME_LENGTH], UTOX_FILE_OPTS opts) {
data/utox-0.17.2/src/windows/filesys.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[4] = { 0 };
data/utox-0.17.2/src/windows/filesys.c:89:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wide_path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/filesys.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/filesys.c:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.7.c:34:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filepath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.7.c:73:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filepath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.7.c:109:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t subpath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.7.c:125:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filename[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.7.c:128:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t fullpath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.7.c:147:13: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t path[UTOX_FILE_NAME_LENGTH * 2];
data/utox-0.17.2/src/windows/main.c:59:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dir[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/windows/main.c:62:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filepath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.c:103:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t message_native[message_length];
data/utox-0.17.2/src/windows/main.c:107:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t caption_native[caption_length];
data/utox-0.17.2/src/windows/main.c:121:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dir[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/windows/main.c:156:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/utox-0.17.2/src/windows/main.c:164:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(message, "%.*s", SLEN(AVATAR_TOO_LARGE_MAX_SIZE_IS),
data/utox-0.17.2/src/windows/main.c:182:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filepath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.c:232:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filepath[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.c:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[max_size]; //! TODO: De-hardcode this value.
data/utox-0.17.2/src/windows/main.c:431:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[65536]; // TODO: De-hardcode this value.
data/utox-0.17.2/src/windows/main.c:560:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tip[length];
data/utox-0.17.2/src/windows/main.c:589:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t url[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/windows/main.c:803:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instance_id[MAX_PATH];
data/utox-0.17.2/src/windows/main.c:853:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretitle[128];
data/utox-0.17.2/src/windows/main.c:856:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t title[title_size];
data/utox-0.17.2/src/windows/main.h:74:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portable_mode_save_path[MAX_PATH];
data/utox-0.17.2/src/windows/os_video.c:116:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sampleBuffer, video_width * 3);
data/utox-0.17.2/src/windows/os_video.c:345:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &pFilter, sizeof(pFilter));
data/utox-0.17.2/src/windows/utf8.c:5:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
return MultiByteToWideChar(CP_UTF8, 0, (char *)str, length, out, length);
data/utox-0.17.2/src/windows/utf8.c:20:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
return MultiByteToWideChar(CP_UTF8, 0, str, -1, out, length);
data/utox-0.17.2/src/windows/window.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretitle[128];
data/utox-0.17.2/src/windows/window.c:59:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t title[title_size];
data/utox-0.17.2/src/windows/window.c:75:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t title[128];
data/utox-0.17.2/src/windows/window.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pre[128];
data/utox-0.17.2/src/windows/window.c:111:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t title[title_size];
data/utox-0.17.2/src/xlib/event.c:397:13: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buffer[16];
data/utox-0.17.2/src/xlib/event.c:677:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pastebuf.data + pastebuf.len - pastebuf.left, data, len);
data/utox-0.17.2/src/xlib/event.c:689:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data, &ev->data.s[2], sizeof(void *));
data/utox-0.17.2/src/xlib/filesys.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/xlib/filesys.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atomic_path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/xlib/filesys.c:38:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "ab");
data/utox-0.17.2/src/xlib/filesys.c:46:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(atomic_path, "wb");
data/utox-0.17.2/src/xlib/filesys.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/xlib/filesys.c:90:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(path, "rb");
data/utox-0.17.2/src/xlib/filesys.c:135:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_MAX_NAME_LENGTH + sizeof(".txt")];
data/utox-0.17.2/src/xlib/filesys.c:144:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen((char *)name, "wb");
data/utox-0.17.2/src/xlib/filesys.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/src/xlib/filesys.c:184:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, file->name, file->name_length);
data/utox-0.17.2/src/xlib/filesys.c:208:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, file->name, file->name_length);
data/utox-0.17.2/src/xlib/filesys.c:222:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("inline.png", "wb");
data/utox-0.17.2/src/xlib/filesys.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[TOX_MAX_NAME_LENGTH + sizeof(".png")] = { 0 };
data/utox-0.17.2/src/xlib/filesys.c:252:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(path, "wb");
data/utox-0.17.2/src/xlib/gtk.c:148:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
send->file = fopen(p->data, "rb");
data/utox-0.17.2/src/xlib/gtk.c:196:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_str[16];
data/utox-0.17.2/src/xlib/gtk.c:198:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_str[265] = { 0 };
data/utox-0.17.2/src/xlib/gtk.c:242:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[file->name_length + 1];
data/utox-0.17.2/src/xlib/gtk.c:259:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, "w");
data/utox-0.17.2/src/xlib/gtk.c:310:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(name, "wb");
data/utox-0.17.2/src/xlib/gtk.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_MAX_NAME_LENGTH + sizeof ".txt"];
data/utox-0.17.2/src/xlib/gtk.c:354:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file_name, "wb");
data/utox-0.17.2/src/xlib/gtk.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOX_MAX_NAME_LENGTH + sizeof ".png"] = { 0 };
data/utox-0.17.2/src/xlib/gtk.c:385:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(file_name, "wb");
data/utox-0.17.2/src/xlib/main.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&event.xclient.data.s[2], &data, sizeof(void *));
data/utox-0.17.2/src/xlib/main.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH];
data/utox-0.17.2/src/xlib/main.c:106:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ptt_keyboard_handle = fopen((const char *)path, "r");
data/utox-0.17.2/src/xlib/main.c:126:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_map[KEY_MAX / 8 + 1]; // Create a byte array the size of the number of keys
data/utox-0.17.2/src/xlib/main.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keys[32] = { 0 };
data/utox-0.17.2/src/xlib/main.c:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(primary.data, data, length);
data/utox-0.17.2/src/xlib/main.c:387:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + start - removed, in + start, i - start);
data/utox-0.17.2/src/xlib/main.c:391:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + start - removed, in + start, i - start);
data/utox-0.17.2/src/xlib/main.c:398:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + start - removed, in + start, len - start);
data/utox-0.17.2/src/xlib/main.c:428:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(png_image, data, size);
data/utox-0.17.2/src/xlib/main.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[UINT16_MAX]; // TODO: De-hardcode this value.
data/utox-0.17.2/src/xlib/main.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[UINT16_MAX]; // TODO: De-hardcode this value.
data/utox-0.17.2/src/xlib/mmenu.c:13:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_name_data[TOX_MAX_NAME_LENGTH] = "";
data/utox-0.17.2/src/xlib/mmenu.c:14:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_id_data[TOX_PUBLIC_KEY_SIZE * 2 + 1] = "";
data/utox-0.17.2/src/xlib/mmenu.c:15:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_id_data_on_minimize[TOX_PUBLIC_KEY_SIZE * 2 + 1] = "";
data/utox-0.17.2/src/xlib/tray.c:117:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(icon_paths[i], O_RDONLY);
data/utox-0.17.2/src/xlib/v4l.c:68:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
utox_v4l_fd = open(dev_name, O_RDWR /* required */ | O_NONBLOCK, 0);
data/utox-0.17.2/src/xlib/video.c:193:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &pp, sizeof(void *));
data/utox-0.17.2/src/xlib/video.c:194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + sizeof(void *), dev_name, sizeof(dev_name));
data/utox-0.17.2/src/xlib/window.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/utox-0.17.2/tests/mock/mock_filesys.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[UTOX_FILE_NAME_LENGTH] = { 0 };
data/utox-0.17.2/tests/test_chatlog.c:15:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(name, "wb");
data/utox-0.17.2/tests/test_chatlog.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &header, sizeof(header));
data/utox-0.17.2/tests/test_chatlog.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(header), author, author_length);
data/utox-0.17.2/tests/test_chatlog.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(header) + author_length, msg, msg_length);
data/utox-0.17.2/tests/test_chatlog.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_str[TOX_PUBLIC_KEY_SIZE * 2] = MOCK_FRIEND_ID;
data/utox-0.17.2/src/android/main.c:95:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000 * ms);
data/utox-0.17.2/src/android/main.c:197:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)path) + strlen((char *)name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/android/main.c:197:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)path) + strlen((char *)name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/android/main.c:201:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((char *)path), UTOX_FILE_NAME_LENGTH - strlen((char *)path), "%s", name);
data/utox-0.17.2/src/android/main.c:201:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((char *)path), UTOX_FILE_NAME_LENGTH - strlen((char *)path), "%s", name);
data/utox-0.17.2/src/android/main.c:265:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((const char *)path) + length >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/android/main.c:269:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((const char *)path), UTOX_FILE_NAME_LENGTH - strlen((const char *)path), "%.*s",
data/utox-0.17.2/src/android/main.c:269:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((const char *)path), UTOX_FILE_NAME_LENGTH - strlen((const char *)path), "%.*s",
data/utox-0.17.2/src/android/main.c:651:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((len = read(pipefd[0], (void *)&piping, sizeof(PIPING))) > 0) {
data/utox-0.17.2/src/android/main.c:654:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rlen = read(pipefd[0], (void *)&piping + len, sizeof(PIPING) - len)) > 0) {
data/utox-0.17.2/src/android/main.c:684:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/utox-0.17.2/src/av/audio.c:338:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
audio_in_device_list += strlen(audio_in_device_list) + 1;
data/utox-0.17.2/src/av/audio.c:359:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
audio_out_device_list += strlen(audio_out_device_list) + 1;
data/utox-0.17.2/src/chatlog.c:286:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(file);
data/utox-0.17.2/src/chatlog.c:297:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(file);
data/utox-0.17.2/src/chatlog.c:302:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(file); /* the newline char */
data/utox-0.17.2/src/file_transfers.c:293:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t *p = ft->path + strlen((char *)ft->path);
data/utox-0.17.2/src/file_transfers.c:602:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ft_send_file(tox, friend_number, file->via.file, file->path, strlen((char *)file->path), file->data_hash);
data/utox-0.17.2/src/file_transfers.c:863:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ft->name_length = strlen("utox-inline.png");
data/utox-0.17.2/src/flist.c:988:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str) - tox_uri_scheme_length == TOX_ADDRESS_SIZE * 2) {
data/utox-0.17.2/src/friend.c:556:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((f->alias && memcmp(f->alias, name, MIN(f->alias_length, strlen((char *)name))) == 0)
data/utox-0.17.2/src/friend.c:557:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| memcmp(f->name, name, MIN(f->name_length, strlen((char *)name))) == 0) {
data/utox-0.17.2/src/friend.c:585:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char title[UTOX_FRIEND_NAME_LENGTH(f) + SLEN(STATUS_MESSAGE) + strlen(state)];
data/utox-0.17.2/src/groups.c:170:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GROUP_PEER *peer = calloc(1, sizeof(GROUP_PEER) + strlen(default_peer_name) + 1);
data/utox-0.17.2/src/layout/settings.c:54:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
drawtext(x, SCALE(10), GIT_VERSION, strlen(GIT_VERSION));
data/utox-0.17.2/src/posix/filesys.c:16:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(path);
data/utox-0.17.2/src/posix/filesys.c:55:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/posix/filesys.c:55:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/posix/filesys.c:67:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/posix/filesys.c:67:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/posix/filesys.c:137:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)path) + strlen((char *)name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/posix/filesys.c:137:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)path) + strlen((char *)name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/posix/filesys.c:141:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((char *)path), UTOX_FILE_NAME_LENGTH - strlen((char *)path), "%s", name);
data/utox-0.17.2/src/posix/filesys.c:141:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((char *)path), UTOX_FILE_NAME_LENGTH - strlen((char *)path), "%s", name);
data/utox-0.17.2/src/posix/filesys.c:153:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t *p = path + strlen((char *)path);
data/utox-0.17.2/src/settings.c:460:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)save->proxy_ip) <= proxy_address_size){
data/utox-0.17.2/src/settings.c:464:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
edit_proxy_ip.length = strlen((char *)save->proxy_ip);
data/utox-0.17.2/src/theme.c:657:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int l = strlen(color) - 1; l > 0; --l) {
data/utox-0.17.2/src/theme.c:691:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int l = strlen(color) - 1; l > 0; --l) {
data/utox-0.17.2/src/tox.c:860:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ft_send_file(tox, param1, msg->file, msg->name, strlen((char*)msg->name), NULL);
data/utox-0.17.2/src/tox.c:877:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ft_send_data(tox, param1, img->image, img->image_size, name, strlen((char *)name));
data/utox-0.17.2/src/ui/dropdown.c:249:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maybe_i18nal_string_set_plain(&e->name, name, strlen((char *)name));
data/utox-0.17.2/src/windows/filesys.c:31:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "\\Tox\\");
data/utox-0.17.2/src/windows/filesys.c:31:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "\\Tox\\");
data/utox-0.17.2/src/windows/filesys.c:33:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/windows/filesys.c:33:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/windows/filesys.c:39:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/windows/filesys.c:39:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/windows/filesys.c:123:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "/Tox/");
data/utox-0.17.2/src/windows/filesys.c:123:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "/Tox/");
data/utox-0.17.2/src/windows/filesys.c:125:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen((char *)name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/windows/filesys.c:125:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen((char *)name) >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/windows/filesys.c:142:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), strlen(tmp_path) - strlen(folder_divider), tmp_path);
data/utox-0.17.2/src/windows/filesys.c:142:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), strlen(tmp_path) - strlen(folder_divider), tmp_path);
data/utox-0.17.2/src/windows/filesys.c:142:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), strlen(tmp_path) - strlen(folder_divider), tmp_path);
data/utox-0.17.2/src/windows/filesys.c:143:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_path = tmp_path + strlen(tmp_path) - strlen(folder_divider);
data/utox-0.17.2/src/windows/filesys.c:143:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_path = tmp_path + strlen(tmp_path) - strlen(folder_divider);
data/utox-0.17.2/src/windows/filesys.c:153:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", tmp_path);
data/utox-0.17.2/src/windows/filesys.c:153:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", tmp_path);
data/utox-0.17.2/src/windows/filesys.c:252:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + length >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/windows/filesys.c:256:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path),
data/utox-0.17.2/src/windows/filesys.c:256:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path),
data/utox-0.17.2/src/windows/main.7.c:102:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8_to_nativestr(portable_mode_save_path, autoaccept_folder, strlen(portable_mode_save_path) * 2);
data/utox-0.17.2/src/windows/main.c:218:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->via.ft.name_length = strlen((char *) msg->via.ft.name);
data/utox-0.17.2/src/windows/main.c:233:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen(name);
data/utox-0.17.2/src/windows/main.c:661:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ULONG len = strlen(CmdLine);
data/utox-0.17.2/src/windows/main.c:769:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.cbData = strlen(cmd),
data/utox-0.17.2/src/windows/main.c:855:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t title_size = strlen(pretitle) + 1;
data/utox-0.17.2/src/windows/main.c:880:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(cmd);
data/utox-0.17.2/src/windows/os_video.c:342:34: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = wcslen(varName.bstrVal);
data/utox-0.17.2/src/windows/window.c:58:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t title_size = strlen(pretitle) + 1;
data/utox-0.17.2/src/windows/window.c:110:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t title_size = strlen(pre) + 1;
data/utox-0.17.2/src/xlib/filesys.c:35:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/xlib/filesys.c:35:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/xlib/filesys.c:40:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + name_length >= UTOX_FILE_NAME_LENGTH - strlen(".atomic")) {
data/utox-0.17.2/src/xlib/filesys.c:40:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + name_length >= UTOX_FILE_NAME_LENGTH - strlen(".atomic")) {
data/utox-0.17.2/src/xlib/filesys.c:83:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + name_length >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/xlib/filesys.c:87:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/xlib/filesys.c:87:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(path + strlen(path), UTOX_FILE_NAME_LENGTH - strlen(path), "%s", name);
data/utox-0.17.2/src/xlib/filesys.c:160:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((const char *)path) + length >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/src/xlib/filesys.c:164:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((const char *)path), UTOX_FILE_NAME_LENGTH - strlen((const char *)path), "%.*s",
data/utox-0.17.2/src/xlib/filesys.c:164:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((const char *)path), UTOX_FILE_NAME_LENGTH - strlen((const char *)path), "%.*s",
data/utox-0.17.2/src/xlib/gtk.c:316:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->via.ft.path_length = strlen(name);
data/utox-0.17.2/src/xlib/main.c:224:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000 * ms);
data/utox-0.17.2/src/xlib/mmenu.c:130:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)f_name_data, (char *)f_name, TOX_MAX_NAME_LENGTH);
data/utox-0.17.2/tests/mock/mock_filesys.c:18:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((const char *)path) + length >= UTOX_FILE_NAME_LENGTH) {
data/utox-0.17.2/tests/mock/mock_filesys.c:22:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((const char *)path), UTOX_FILE_NAME_LENGTH - strlen((const char *)path), "%.*s",
data/utox-0.17.2/tests/mock/mock_filesys.c:22:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf((char *)path + strlen((const char *)path), UTOX_FILE_NAME_LENGTH - strlen((const char *)path), "%.*s",
data/utox-0.17.2/tests/mock/mock_system_calls.c:5:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(ms * 1000);
data/utox-0.17.2/tests/test_chatlog.c:42:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msg_length = strlen("This is a test message.");
ANALYSIS SUMMARY:
Hits = 438
Lines analyzed = 52460 in approximately 1.16 seconds (45357 lines/second)
Physical Source Lines of Code (SLOC) = 37976
Hits@level = [0] 105 [1] 90 [2] 310 [3] 12 [4] 25 [5] 1
Hits@level+ = [0+] 543 [1+] 438 [2+] 348 [3+] 38 [4+] 26 [5+] 1
Hits/KSLOC@level+ = [0+] 14.2985 [1+] 11.5336 [2+] 9.16368 [3+] 1.00063 [4+] 0.684643 [5+] 0.0263324
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.