hfiref0x

## gist:c5d427a6e3b67ed70ede9d34def329a2
akagi	(uacme)
akatsuki	(uacme)
aoba (dsefix)
fubuki	(uacme)
furutaka	(tdl)
harasume	(zeroaccess)
hibiki	(uacme)
ikazuchi	(uacme)
inazuma	(uacme)
isonami	(sxsexp)

## log.txt
/Build/vlc-3.0.6/include/vlc_arrays.h	347	warn	V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'pp' is lost. Consider assigning realloc() to a temporary pointer.
/Build/vlc-3.0.6/include/vlc_arrays.h	532	warn	V522 There might be dereferencing of a potential null pointer 'p_entry'. Check lines: 532, 531.
/Build/vlc-3.0.6/include/vlc_charset.h	271	warn	V769 The 'utf8' pointer in the 'utf8 ++' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 271, 261.
/Build/vlc-3.0.6/include/vlc_vlm.h	238	warn	V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_input' is lost. Consider assigning realloc() to a temporary pointer.
/Build/vlc-3.0.6/include/vlc_vlm.h	240	warn	V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_option' is lost. Consider assigning realloc() to a temporary pointer.
/Build/vlc-3.0.6/src/config/

## log.txt
/Build/cmake/Source/kwsys/ProcessUNIX.c	378	err	V595 The 'cp->Commands' pointer was utilized before it was verified against nullptr. Check lines: 378, 381.
/Build/cmake/Source/kwsys/Terminal.c	62	warn	V560 A part of conditional expression is always true: !pipeIsConsole.
/Build/cmake/Source/kwsys/System.c	31	err	V1028 Possible overflow. Consider casting operands of the '* size * 2' operator to the 'size_t' type, not the result.
/Build/cmake/Source/cmsys/RegularExpression.hxx	409	warn	V730 Not all members of a class are initialized inside the constructor. Consider inspecting: regstart, reganch, regmust, regmlen, progsize.
/Build/cmake/Source/kwsys/RegularExpression.cxx	260	err	V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0234, Dec: 156.
/Build/cmake/Source/kwsys/SystemTools.cxx	851	warn	V769 The 'orig' pointer in the 'searchPos - src + orig' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 851, 849.
/Bu

## log.txt
mimikatz\mimikatz\mimikatz.c (182): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(match + 2 - argv[0])'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (424): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(wcslen(convertedSid) + 1)'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (397): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(szPassword)'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (135): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(entry->data.sid)'.
mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (142): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(password)'.
mimikatz\mimikatz\modules\kuhl_m_crypto.c (862): error V220: Suspicious sequence of typ

## log.txt
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h	143	err	V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h	145	err	V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. A pointer to the signed long type is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h	145	err	V576 Incorrect format. Consider checking the second actual argument of the 'printf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h	145	err	V576 Incorrect format. Consider checking the third actual argument of the 'printf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h	147	err	V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected.
/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h	1

## log.txt
/Build/ffmpeg/libavdevice/fbdev_common.c	128	warn	V547 Expression 'fd >= 0' is always true.
/Build/ffmpeg/libavdevice/sndio.c	106	warn	V547 Expression 'hdl' is always true.
/Build/ffmpeg/libavdevice/xcbgrab.c	637	warn	V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
/Build/ffmpeg/libavfilter/af_acrossover.c	191	warn	V614 Potentially uninitialized variable 'q' used. Consider checking the third actual argument of the 'set_lp' function.
/Build/ffmpeg/libavfilter/af_aecho.c	227	err	V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
/Build/ffmpeg/libavfilter/af_aecho.c	228	err	V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
/Build/ffmpeg/libavfilter/af_aecho.c	229	err	V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
/Build/ffmpeg/libavfilter/af_aecho.c	230

## log.txt
/Build/LibVNCServer/test/encodingstest.c	195	warn	V522 There might be dereferencing of a potential null pointer 'cd'. Check lines: 195, 189.
/Build/LibVNCServer/test/encodingstest.c	198	warn	V575 The potential null pointer is passed into 'sprintf' function. Inspect the first argument. Check lines: 198, 197.
/Build/LibVNCServer/test/encodingstest.c	287	warn	V522 There might be dereferencing of a potential null pointer 'server->frameBuffer'. Check lines: 287, 284.
/Build/LibVNCServer/client_examples/vnc2mpg.c	342	warn	V1004 The 'video_st' pointer was used unsafely after it was verified against nullptr. Check lines: 336, 342.
/Build/LibVNCServer/client_examples/vnc2mpg.c	360	warn	V707 Giving short names to global variables is considered to be bad practice. It is suggested to rename 'oc' variable.
/Build/LibVNCServer/examples/example.c	158	warn	V519 The 'cd->oldButton' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 156, 158.
/Build/LibVNCServer/examples/example.c	271	warn

## log.txt
/Build/nginx-1.15.8/src/core/ngx_log.c	335	err	V547 Expression 'nlen == 0' is always false.
/Build/nginx-1.15.8/src/core/ngx_inet.c	792	warn	V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'.
/Build/nginx-1.15.8/src/core/ngx_inet.c	952	warn	V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'.
/Build/nginx-1.15.8/src/core/ngx_inet.c	962	warn	V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'.
/Build/nginx-1.15.8/src/core/ngx_inet.c	985	warn	V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'.
/Build/nginx-1.15.8/src/core/ngx_file.c	477	err	V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0600, Dec: 384.
/Build/nginx-1.15.8/src/core/ngx_resolver.c	1673	err	V1028 Possible overflow. Consider casting operands of the '2 + qle

## log.txt
/Build/openssl-1.1.0f/crypto/asn1/a_gentm.c	116	warn	V560 A part of conditional expression is always false: (n < min[i]).
/Build/openssl-1.1.0f/crypto/asn1/a_int.c	547	warn	V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL.
/Build/openssl-1.1.0f/crypto/asn1/a_int.c	547	warn	V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L).
/Build/openssl-1.1.0f/crypto/asn1/a_int.c	590	warn	V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL.
/Build/openssl-1.1.0f/crypto/asn1/a_int.c	590	warn	V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L).
/Build/openssl-1.1.0f/crypto/asn1/a_utctm.c	90	warn	V560 A part of conditional expression is always false: (n < min[i]).
/Build/openssl-1.1.0f/crypto/asn1/asn1_gen.c	597	warn	V560 A part of conditional expression is always true: str.
/Build/openssl-1.1.0f/crypto/asn1/asn1_par.c	236	warn	V547 Expression '!nl' is always true.
/Build/openssl-1.1.0f/crypto/asn1/

## log.txt
/Build/Transmission/build/third-party/utp/src/utp/utypes.h	10	warn	V677 Custom declaration of a standard 'uint' type. The declaration from system header files should be used instead.
/Build/Transmission/build/third-party/utp/src/utp/templates.h	116	warn	V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'mem' is lost. Consider assigning realloc() to a temporary pointer.
/Build/Transmission/build/third-party/utp/src/utp/utp.cpp	163	err	V512 A call of the 'memset' function will lead to underflow of the buffer 'sin'.
/Build/Transmission/build/third-party/utp/src/utp/utp.cpp	168	warn	V641 The size of the '& sa' buffer is not a multiple of the element size of the type 'sockaddr_in6'.
/Build/Transmission/build/third-party/utp/src/utp/utp.cpp	378	warn	V522 There might be dereferencing of a potential null pointer 'buf'. Check lines: 378, 372.
/Build/Transmission/build/third-party/utp/src/utp/templates.h	116	warn	V701 Instantiation of Array < RST_Info >: realloc() possible leak:
	akagi (uacme)
	akatsuki (uacme)
	aoba (dsefix)
	fubuki (uacme)
	furutaka (tdl)
	harasume (zeroaccess)
	hibiki (uacme)
	ikazuchi (uacme)
	inazuma (uacme)
	isonami (sxsexp)
	/Build/vlc-3.0.6/include/vlc_arrays.h 347 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'pp' is lost. Consider assigning realloc() to a temporary pointer.
	/Build/vlc-3.0.6/include/vlc_arrays.h 532 warn V522 There might be dereferencing of a potential null pointer 'p_entry'. Check lines: 532, 531.
	/Build/vlc-3.0.6/include/vlc_charset.h 271 warn V769 The 'utf8' pointer in the 'utf8 ++' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 271, 261.
	/Build/vlc-3.0.6/include/vlc_vlm.h 238 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_input' is lost. Consider assigning realloc() to a temporary pointer.
	/Build/vlc-3.0.6/include/vlc_vlm.h 240 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'p_dst->ppsz_option' is lost. Consider assigning realloc() to a temporary pointer.
	/Build/vlc-3.0.6/src/config/
	/Build/cmake/Source/kwsys/ProcessUNIX.c 378 err V595 The 'cp->Commands' pointer was utilized before it was verified against nullptr. Check lines: 378, 381.
	/Build/cmake/Source/kwsys/Terminal.c 62 warn V560 A part of conditional expression is always true: !pipeIsConsole.
	/Build/cmake/Source/kwsys/System.c 31 err V1028 Possible overflow. Consider casting operands of the '* size * 2' operator to the 'size_t' type, not the result.
	/Build/cmake/Source/cmsys/RegularExpression.hxx 409 warn V730 Not all members of a class are initialized inside the constructor. Consider inspecting: regstart, reganch, regmust, regmlen, progsize.
	/Build/cmake/Source/kwsys/RegularExpression.cxx 260 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0234, Dec: 156.
	/Build/cmake/Source/kwsys/SystemTools.cxx 851 warn V769 The 'orig' pointer in the 'searchPos - src + orig' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 851, 849.
	/Bu
	mimikatz\mimikatz\mimikatz.c (182): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(match + 2 - argv[0])'.
	mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (424): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: '(wcslen(convertedSid) + 1)'.
	mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi.c (397): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(szPassword)'.
	mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (135): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(entry->data.sid)'.
	mimikatz\mimikatz\modules\dpapi\kuhl_m_dpapi_oe.c (142): error V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'wcslen(password)'.
	mimikatz\mimikatz\modules\kuhl_m_crypto.c (862): error V220: Suspicious sequence of typ
	/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 143 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected.
	/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. A pointer to the signed long type is expected.
	/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the second actual argument of the 'printf' function. The memsize type argument is expected.
	/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 145 err V576 Incorrect format. Consider checking the third actual argument of the 'printf' function. The memsize type argument is expected.
	/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 147 err V576 Incorrect format. Consider checking the third actual argument of the 'sprintf' function. The memsize type argument is expected.
	/cmake-3.2.2/Utilities/KWIML/test/test_INT_format.h 1
	/Build/ffmpeg/libavdevice/fbdev_common.c 128 warn V547 Expression 'fd >= 0' is always true.
	/Build/ffmpeg/libavdevice/sndio.c 106 warn V547 Expression 'hdl' is always true.
	/Build/ffmpeg/libavdevice/xcbgrab.c 637 warn V576 Incorrect format. Consider checking the third actual argument of the 'sscanf' function. It's dangerous to use string specifier without width specification. Buffer overflow is possible.
	/Build/ffmpeg/libavfilter/af_acrossover.c 191 warn V614 Potentially uninitialized variable 'q' used. Consider checking the third actual argument of the 'set_lp' function.
	/Build/ffmpeg/libavfilter/af_aecho.c 227 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
	/Build/ffmpeg/libavfilter/af_aecho.c 228 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
	/Build/ffmpeg/libavfilter/af_aecho.c 229 err V573 Uninitialized variable 'index' was used. The variable was used to initialize itself.
	/Build/ffmpeg/libavfilter/af_aecho.c 230
	/Build/LibVNCServer/test/encodingstest.c 195 warn V522 There might be dereferencing of a potential null pointer 'cd'. Check lines: 195, 189.
	/Build/LibVNCServer/test/encodingstest.c 198 warn V575 The potential null pointer is passed into 'sprintf' function. Inspect the first argument. Check lines: 198, 197.
	/Build/LibVNCServer/test/encodingstest.c 287 warn V522 There might be dereferencing of a potential null pointer 'server->frameBuffer'. Check lines: 287, 284.
	/Build/LibVNCServer/client_examples/vnc2mpg.c 342 warn V1004 The 'video_st' pointer was used unsafely after it was verified against nullptr. Check lines: 336, 342.
	/Build/LibVNCServer/client_examples/vnc2mpg.c 360 warn V707 Giving short names to global variables is considered to be bad practice. It is suggested to rename 'oc' variable.
	/Build/LibVNCServer/examples/example.c 158 warn V519 The 'cd->oldButton' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 156, 158.
	/Build/LibVNCServer/examples/example.c 271 warn
	/Build/nginx-1.15.8/src/core/ngx_log.c 335 err V547 Expression 'nlen == 0' is always false.
	/Build/nginx-1.15.8/src/core/ngx_inet.c 792 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'.
	/Build/nginx-1.15.8/src/core/ngx_inet.c 952 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'.
	/Build/nginx-1.15.8/src/core/ngx_inet.c 962 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in'.
	/Build/nginx-1.15.8/src/core/ngx_inet.c 985 warn V641 The size of the '& u->sockaddr' buffer is not a multiple of the element size of the type 'struct sockaddr_in6'.
	/Build/nginx-1.15.8/src/core/ngx_file.c 477 err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0600, Dec: 384.
	/Build/nginx-1.15.8/src/core/ngx_resolver.c 1673 err V1028 Possible overflow. Consider casting operands of the '2 + qle
	/Build/openssl-1.1.0f/crypto/asn1/a_gentm.c 116 warn V560 A part of conditional expression is always false: (n < min[i]).
	/Build/openssl-1.1.0f/crypto/asn1/a_int.c 547 warn V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL.
	/Build/openssl-1.1.0f/crypto/asn1/a_int.c 547 warn V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L).
	/Build/openssl-1.1.0f/crypto/asn1/a_int.c 590 warn V560 A part of conditional expression is always false: r > 0x7fffffffffffffffL.
	/Build/openssl-1.1.0f/crypto/asn1/a_int.c 590 warn V560 A part of conditional expression is always false: r < (- 0x7fffffffffffffffL - 1L).
	/Build/openssl-1.1.0f/crypto/asn1/a_utctm.c 90 warn V560 A part of conditional expression is always false: (n < min[i]).
	/Build/openssl-1.1.0f/crypto/asn1/asn1_gen.c 597 warn V560 A part of conditional expression is always true: str.
	/Build/openssl-1.1.0f/crypto/asn1/asn1_par.c 236 warn V547 Expression '!nl' is always true.
	/Build/openssl-1.1.0f/crypto/asn1/
	/Build/Transmission/build/third-party/utp/src/utp/utypes.h 10 warn V677 Custom declaration of a standard 'uint' type. The declaration from system header files should be used instead.
	/Build/Transmission/build/third-party/utp/src/utp/templates.h 116 warn V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer 'mem' is lost. Consider assigning realloc() to a temporary pointer.
	/Build/Transmission/build/third-party/utp/src/utp/utp.cpp 163 err V512 A call of the 'memset' function will lead to underflow of the buffer 'sin'.
	/Build/Transmission/build/third-party/utp/src/utp/utp.cpp 168 warn V641 The size of the '& sa' buffer is not a multiple of the element size of the type 'sockaddr_in6'.
	/Build/Transmission/build/third-party/utp/src/utp/utp.cpp 378 warn V522 There might be dereferencing of a potential null pointer 'buf'. Check lines: 378, 372.
	/Build/Transmission/build/third-party/utp/src/utp/templates.h 116 warn V701 Instantiation of Array < RST_Info >: realloc() possible leak: