Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zmat-0.9.8+ds/include/zmatlib.h
Examining data/zmat-0.9.8+ds/src/easylzma/common_internal.c
Examining data/zmat-0.9.8+ds/src/easylzma/common_internal.h
Examining data/zmat-0.9.8+ds/src/easylzma/compress.c
Examining data/zmat-0.9.8+ds/src/easylzma/decompress.c
Examining data/zmat-0.9.8+ds/src/easylzma/easylzma/common.h
Examining data/zmat-0.9.8+ds/src/easylzma/easylzma/compress.h
Examining data/zmat-0.9.8+ds/src/easylzma/easylzma/decompress.h
Examining data/zmat-0.9.8+ds/src/easylzma/lzip_header.c
Examining data/zmat-0.9.8+ds/src/easylzma/lzip_header.h
Examining data/zmat-0.9.8+ds/src/easylzma/lzma_header.c
Examining data/zmat-0.9.8+ds/src/easylzma/lzma_header.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zBuf.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zBuf.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zBuf2.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zCrc.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zCrc.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zFile.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zFile.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zStream.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/7zVersion.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Alloc.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Alloc.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Bcj2.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Bcj2.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Bra.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Bra.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Bra86.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/BraIA64.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/CpuArch.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzFind.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzFind.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzHash.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaDec.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaDec.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaLib.c
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaLib.h
Examining data/zmat-0.9.8+ds/src/easylzma/pavlov/Types.h
Examining data/zmat-0.9.8+ds/src/lz4/lz4.c
Examining data/zmat-0.9.8+ds/src/lz4/lz4.h
Examining data/zmat-0.9.8+ds/src/lz4/lz4hc.c
Examining data/zmat-0.9.8+ds/src/lz4/lz4hc.h
Examining data/zmat-0.9.8+ds/src/zmat.cpp
Examining data/zmat-0.9.8+ds/src/zmatlib.c
Examining data/zmat-0.9.8+ds/test/c/testzmat.c

FINAL RESULTS:

data/zmat-0.9.8+ds/src/lz4/lz4.c:231:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __FILE__ ": "); \
data/zmat-0.9.8+ds/src/lz4/lz4.c:232:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/zmat-0.9.8+ds/src/easylzma/decompress.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[ELZMA_DECOMPRESS_INPUT_BUFSIZE];
data/zmat-0.9.8+ds/src/easylzma/decompress.c:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuf[ELZMA_DECOMPRESS_OUTPUT_BUFSIZE];
data/zmat-0.9.8+ds/src/easylzma/decompress.c:120:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char propsBuf[13];
data/zmat-0.9.8+ds/src/easylzma/pavlov/7zBuf2.c:30:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, p->data, p->pos);
data/zmat-0.9.8+ds/src/easylzma/pavlov/7zBuf2.c:34:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->data + p->pos, buf, size);
data/zmat-0.9.8+ds/src/easylzma/pavlov/7zFile.c:47:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  p->file = fopen(name, writeMode ? "wb+" : "rb");
data/zmat-0.9.8+ds/src/easylzma/pavlov/7zStream.c:46:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, lookBuf, *size);
data/zmat-0.9.8+ds/src/easylzma/pavlov/7zStream.c:121:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, p->buf + p->pos, rem);
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaDec.c:789:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->tempBuf, src, inSize);
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaDec.c:877:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, p->dic + dicPos, outSizeCur);
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:242:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, p->data, curSize);
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:365:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:366:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:369:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:370:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:371:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:372:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:373:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:374:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:375:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:376:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->reps, p->reps, sizeof(p->reps));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:377:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:391:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:392:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:395:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:396:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:397:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:398:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:399:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:400:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:401:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:402:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->reps, p->reps, sizeof(p->reps));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:403:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/zmat-0.9.8+ds/src/easylzma/pavlov/LzmaEnc.c:2116:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->data, data, size);
data/zmat-0.9.8+ds/src/lz4/lz4.c:325:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(memPtr, &value, sizeof(value));
data/zmat-0.9.8+ds/src/lz4/lz4.c:330:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(memPtr, &value, sizeof(value));
data/zmat-0.9.8+ds/src/lz4/lz4.c:365:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  do { memcpy(d,s,8); d+=8; s+=8; } while (d<e);
data/zmat-0.9.8+ds/src/lz4/lz4.c:396:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dstPtr+4, srcPtr, 4);
data/zmat-0.9.8+ds/src/lz4/lz4.c:400:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstPtr, srcPtr, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:418:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e);
data/zmat-0.9.8+ds/src/lz4/lz4.c:418:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e);
data/zmat-0.9.8+ds/src/lz4/lz4.c:437:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, srcPtr, 2);
data/zmat-0.9.8+ds/src/lz4/lz4.c:438:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v[2], srcPtr, 2);
data/zmat-0.9.8+ds/src/lz4/lz4.c:439:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v[4], &v[0], 4);
data/zmat-0.9.8+ds/src/lz4/lz4.c:442:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(v, srcPtr, 4);
data/zmat-0.9.8+ds/src/lz4/lz4.c:443:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&v[4], srcPtr, 4);
data/zmat-0.9.8+ds/src/lz4/lz4.c:450:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstPtr, v, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:453:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstPtr, v, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1165:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, anchor, lastRun);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1541:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(streamPtr, streamPtr->dictCtx, sizeof(LZ4_stream_t));
data/zmat-0.9.8+ds/src/lz4/lz4.c:1749:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, ip, 16);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1753:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, ip, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1754:39: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (length > 8) { memcpy(op+8, ip+8, 8); }
data/zmat-0.9.8+ds/src/lz4/lz4.c:1790:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, match, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1791:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op+8, match+8, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1792:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op+16, match+16, 2);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1815:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, dictEnd - copySize, copySize);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1822:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, lowPrefix, restSize);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1863:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, ip, endOnInput ? 16 : 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1878:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op + 0, match + 0, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1879:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op + 8, match + 8, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1880:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op +16, match +16, 2);
data/zmat-0.9.8+ds/src/lz4/lz4.c:1993:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, dictEnd - copySize, copySize);
data/zmat-0.9.8+ds/src/lz4/lz4.c:2000:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(op, lowPrefix, restSize);
data/zmat-0.9.8+ds/src/lz4/lz4.c:2019:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, match, mlen);
data/zmat-0.9.8+ds/src/lz4/lz4.c:2033:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op+4, match, 4);
data/zmat-0.9.8+ds/src/lz4/lz4.c:2036:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, match, 8);
data/zmat-0.9.8+ds/src/lz4/lz4.c:2051:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, match, 8);
data/zmat-0.9.8+ds/src/lz4/lz4hc.c:732:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, anchor, lastRunSize);
data/zmat-0.9.8+ds/src/lz4/lz4hc.c:854:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx, ctx->dictCtx, sizeof(LZ4HC_CCtx_internal));
data/zmat-0.9.8+ds/src/lz4/lz4hc.c:1524:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(op, anchor, lastRunSize);
data/zmat-0.9.8+ds/src/zmat.cpp:92:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if((zipid=(TZipMethod)zmat_keylookup((char *)mxArrayToString(prhs[2]), zipmethods))<0)
data/zmat-0.9.8+ds/src/zmat.cpp:103:64: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char * inputstr=(mxIsChar(prhs[0])? (unsigned char *)mxArrayToString(prhs[0]) : (unsigned char *)mxGetData(prhs[0]));
data/zmat-0.9.8+ds/src/zmat.cpp:103:108: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char * inputstr=(mxIsChar(prhs[0])? (unsigned char *)mxArrayToString(prhs[0]) : (unsigned char *)mxGetData(prhs[0]));
data/zmat-0.9.8+ds/src/zmat.cpp:118:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((unsigned char*)mxGetPr(plhs[0]),outputbuf,buflen[1]);
data/zmat-0.9.8+ds/src/zmat.cpp:133:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mxGetPr(val),inputsize,inputdim[1]*sizeof(unsigned int));
data/zmat-0.9.8+ds/src/zmatlib.c:177:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *outputbuf=(unsigned char *)malloc(buflen[0]);
data/zmat-0.9.8+ds/src/zmatlib.c:240:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *outputbuf=(unsigned char *)malloc(buflen[0]);
data/zmat-0.9.8+ds/src/zmatlib.c:249:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *outputbuf=(unsigned char *)realloc(*outputbuf, (buflen[0]<<count));
data/zmat-0.9.8+ds/src/zmatlib.c:340:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key,origkey,strlen(origkey)+1);
data/zmat-0.9.8+ds/src/zmatlib.c:377:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char base64_table[65] =
data/zmat-0.9.8+ds/src/zmatlib.c:465:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dtable[256], *out, *pos, block[4], tmp;
data/zmat-0.9.8+ds/src/zmatlib.c:551:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, (void *) ds->inData, rd);
data/zmat-0.9.8+ds/src/zmatlib.c:573:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *) (ds->outData + ds->outLen), buf, size);
data/zmat-0.9.8+ds/src/zmatlib.c:339:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *key=(char *)malloc(strlen(origkey)+1);
data/zmat-0.9.8+ds/src/zmatlib.c:340:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(key,origkey,strlen(origkey)+1);
data/zmat-0.9.8+ds/test/c/testzmat.c:39:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret=zmat_run(strlen(test[0]),(unsigned char*)test[0], &compressedlen, &compressed, zmZlib, &status, -9);

ANALYSIS SUMMARY:

Hits = 89
Lines analyzed = 13755 in approximately 0.38 seconds (36645 lines/second)
Physical Source Lines of Code (SLOC) = 9505
Hits@level = [0] 21 [1] 3 [2] 84 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 110 [1+] 89 [2+] 86 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 11.5729 [1+] 9.36349 [2+] 9.04787 [3+] 0.210416 [4+] 0.210416 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.