Compiler V3 #39
6 new issues (0 max.) of at least minor severity.
Annotations
Check notice on line 130 in src/cli/main.c
codacy-production / Codacy Static Code Analysis
src/cli/main.c#L130
Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
Check warning on line 130 in src/cli/main.c
codacy-production / Codacy Static Code Analysis
src/cli/main.c#L130
Usage of the `open` family of functions may hint at a potential Time Of Check Time Of Use (TOCTOU) vulnerability.
Check notice on line 55 in src/compiler/pe/pe.c
codacy-production / Codacy Static Code Analysis
src/compiler/pe/pe.c#L55
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
Check failure on line 55 in src/compiler/pe/pe.c
codacy-production / Codacy Static Code Analysis
src/compiler/pe/pe.c#L55
The `memcpy` family of functions require the developer to validate that the destination buffer is the same size or larger than the source buffer.
Check notice on line 50 in src/compiler/utils.c
codacy-production / Codacy Static Code Analysis
src/compiler/utils.c#L50
Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
Check failure on line 50 in src/compiler/utils.c
codacy-production / Codacy Static Code Analysis
src/compiler/utils.c#L50
The `strlen` family of functions does not handle strings that are not null terminated.