Home / upx / upx
Repository Analysis

upx/upx

UPX - the Ultimate Packer for eXecutables

2.2 Likely human-written View on GitHub
2.2
Adjusted Score
2.2
Raw Score
100%
Time Factor
2026-05-29
Last Push
17,537
Stars
C++
Language
189,206
Lines of Code
361
Files
532
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 10LOW 522

Pattern Findings

532 matches across 7 categories. Click a row to expand file-level details.

Over-Commented Block505 hits · 370 pts
SeverityFileLineSnippet
LOWCMakeLists.txt1#
LOWmisc/podman/rebuild-stubs/20-image-run-shell.sh41fi
LOWmisc/podman/rebuild-stubs/20-image-run-shell.sh61# ./build/extra/gcc/release/upx --version
LOWmisc/podman/rebuild-stubs/20-image-run-shell.sh81# cd /home/upx/src/upx/doc
LOWmisc/testsuite/upx_testsuite_1.sh1#! /usr/bin/env bash
LOWmisc/testsuite/mimic_ctest_sigsegv.sh1#! /usr/bin/env bash
LOWmisc/testsuite/mimic_ctest.sh1#! /usr/bin/env bash
LOWmisc/testsuite/test_symlinks.sh1#! /usr/bin/env bash
LOW.github/workflows/github-close-stale-issues.yml1# Copyright (C) Markus Franz Xaver Johannes Oberhumer
LOWsrc/p_w32pe_i386.cpp161
LOWsrc/p_ps1.cpp41static const CLANG_FORMAT_DUMMY_STATEMENT
LOWsrc/p_ps1.cpp61#define MIPS_LO(a) ((a) &0xffff)
LOWsrc/p_ps1.cpp341#define REG1(x) (((x) >> 5) & 0x1f)
LOWsrc/version.h1#pragma once
LOWsrc/bele_policy.h221#error "ACC_ABI_ENDIAN"
LOWsrc/bele.h281#if (ACC_ABI_BIG_ENDIAN)
LOWsrc/bele.h1101#define ne32_compare_signed be32_compare_signed
LOWsrc/help.cpp41static constexpr int has_declspec_attribute = 1;
LOWsrc/help.cpp61#else
LOWsrc/help.cpp501 fprintf(f, "bzip2 data compression library %s\n", v);
LOWsrc/help.cpp581#endif
LOWsrc/help.cpp621 cf_print("__CHERI__", "%lld", __CHERI__ + 0, 3);
LOWsrc/help.cpp641
LOWsrc/help.cpp661 cf_print("__ELF__", "%lld", __ELF__ + 0, 3);
LOWsrc/help.cpp681#elif defined(__pie__)
LOWsrc/conf.h41#if !defined(__has_builtin)
LOWsrc/conf.h81#endif
LOWsrc/conf.h101// toolchain-x86_64_gcc-11.2.0_musl/include/fortify/stdlib.h:
LOWsrc/conf.h121// multithreading (UPX currently does not use multithreading)
LOWsrc/conf.h141template <class T>
LOWsrc/conf.h201typedef unsigned char uchar;
LOWsrc/conf.h221//
LOWsrc/conf.h241#define forceinline_constexpr forceinline constexpr
LOWsrc/conf.h261#undef __unix__
LOWsrc/conf.h281#define strncasecmp strnicmp
LOWsrc/conf.h301#endif
LOWsrc/conf.h321#endif
LOWsrc/conf.h341#define outp upx_renamed_outp
LOWsrc/conf.h361#if !defined(VALGRIND_CHECK_MEM_IS_DEFINED)
LOWsrc/conf.h381#endif
LOWsrc/conf.h401#elif __has_builtin(__builtin_memcpy)
LOWsrc/conf.h481noreturn void assertFailed(const char *expr, const char *file, int line, const char *func) noexcept;
LOWsrc/conf.h501#endif
LOWsrc/conf.h521#define EXIT_OK 0
LOWsrc/conf.h541#define UPX_E_NOT_COMPRESSIBLE (-3)
LOWsrc/conf.h561// #define UPX_F_WIN16_NE 11 // NOT IMPLEMENTED
LOWsrc/conf.h581#define UPX_F_VMLINUZ_ARM 31
LOWsrc/conf.h601#define UPX_F_LINUX_ELF32_PPC32 132
LOWsrc/conf.h621#define M_NRV2E_8 9
LOWsrc/conf.h641#define M_IS_LZMA(x) (((x) &255) == M_LZMA)
LOWsrc/p_lx_exc.cpp41#include "p_elf.h"
LOWsrc/p_lx_exc.cpp261
LOWsrc/p_lx_exc.cpp321// // Elf32_Phdr: 1 for exec86, 2 for sh86, 3 for elf86
LOWsrc/p_lx_elf.cpp41#include "p_unix.h"
LOWsrc/p_lx_elf.cpp561// Note that C_TEXT[.p_vaddr, +.p_memsz) is a subset of C_BASE.
LOWsrc/p_lx_elf.cpp1441 (void)m_decompr; // FIXME
LOWsrc/p_lx_elf.cpp3201// ----- glibc-2.31/sysdeps/arm/crti.S
LOWsrc/p_lx_elf.cpp3281 }
LOWsrc/p_lx_elf.cpp3701 }
LOWsrc/p_lx_elf.cpp5541// A. original first PT_LOAD (Ehdr+Phdrs will be overwritten later)
445 more matches not shown…
Self-Referential Comments6 hits · 18 pts
SeverityFileLineSnippet
MEDIUMsrc/stub/scripts/brandelf.py6# This file is part of the UPX executable compressor.
MEDIUMsrc/stub/scripts/bin2h.py6# This file is part of the UPX executable compressor.
MEDIUMsrc/stub/scripts/gpp_inc.py6# This file is part of the UPX executable compressor.
MEDIUMsrc/stub/scripts/xstrip.py6# This file is part of the UPX executable compressor.
MEDIUMsrc/stub/src/arch/i086/wdis2gas.py6# This file is part of the UPX executable compressor.
MEDIUMsrc/stub/src/arch/i086/cleanasm.py6# This file is part of the UPX executable compressor.
Deep Nesting10 hits · 10 pts
SeverityFileLineSnippet
LOWsrc/stub/scripts/brandelf.py45
LOWsrc/stub/scripts/brandelf.py114
LOWsrc/stub/scripts/bin2h.py178
LOWsrc/stub/scripts/bin2h.py271
LOWsrc/stub/scripts/gpp_inc.py142
LOWsrc/stub/scripts/xstrip.py45
LOWsrc/stub/scripts/xstrip.py68
LOWsrc/stub/scripts/xstrip.py135
LOWsrc/stub/scripts/xstrip.py198
LOWsrc/stub/src/arch/i086/wdis2gas.py44
Excessive Try-Catch Wrapping3 hits · 6 pts
SeverityFileLineSnippet
MEDIUMmisc/analyze/clang-tidy/run-clang-tidy.py80 print("Error: could not find compilation database.")
MEDIUMmisc/analyze/clang-tidy/run-clang-tidy.py530 print("Error exporting fixes.\n", file=sys.stderr)
MEDIUMmisc/analyze/clang-tidy/run-clang-tidy.py539 print("Error applying fixes.\n", file=sys.stderr)
Unused Imports5 hits · 5 pts
SeverityFileLineSnippet
LOWmisc/analyze/clang-tidy/run-clang-tidy.py37
LOWsrc/stub/scripts/brandelf.py31
LOWsrc/stub/scripts/brandelf.py31
LOWsrc/stub/scripts/xstrip.py31
LOWsrc/stub/src/arch/i086/wdis2gas.py31
Hyper-Verbose Identifiers2 hits · 2 pts
SeverityFileLineSnippet
LOWmisc/analyze/clang-tidy/run-clang-tidy.py74def find_compilation_database(path):
LOWsrc/stub/scripts/bin2h.py223def encode_compressed_stub_header(method, idata, odata):
AI Slop Vocabulary1 hit · 2 pts
SeverityFileLineSnippet
MEDIUMsrc/p_mach.cpp614 segTEXT.vmsize = len; // FIXME? utilize GAP + NO_LAP + sz_unc - sz_cpr