Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/win32-loader-0.10.2/helpers/miniz/main.c
Examining data/win32-loader-0.10.2/helpers/miniz/miniz.c
Examining data/win32-loader-0.10.2/helpers/miniz/miniz.h
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_common.h
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.h
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_tinfl.h
Examining data/win32-loader-0.10.2/helpers/sha256/sha256.c
Examining data/win32-loader-0.10.2/l10n/win32-loader.c

FINAL RESULTS:

data/win32-loader-0.10.2/helpers/miniz/miniz.c:29:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/win32-loader-0.10.2/helpers/miniz/miniz.c:30:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/win32-loader-0.10.2/helpers/miniz/miniz.c:31:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/win32-loader-0.10.2/helpers/miniz/miniz.c:486:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/win32-loader-0.10.2/helpers/miniz/miniz.c:511:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:359:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:360:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:722:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:744:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint16));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:750:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint16));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:860:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint32));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:884:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:886:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:936:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(&pLZ_code_buf[1], &cur_match_dist, sizeof(cur_match_dist));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:1238:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:1410:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:1534:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(out_buf.m_pBuf, pnghdr, 41);
data/win32-loader-0.10.2/helpers/sha256/sha256.c:68:5: [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CopyMemory(context->block + n, p, r);
data/win32-loader-0.10.2/helpers/sha256/sha256.c:99:5: [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CopyMemory(context->block, p, n);
data/win32-loader-0.10.2/helpers/sha256/sha256.c:121:3: [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CopyMemory(hash, context->hash, sizeof((*context).hash));

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 3557 in approximately 0.15 seconds (24060 lines/second)
Physical Source Lines of Code (SLOC) = 2596
Hits@level = [0] 6 [1] 0 [2] 20 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 26 [1+] 20 [2+] 20 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.0154 [1+] 7.70416 [2+] 7.70416 [3+] 0 [4+] 0 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.