Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/abcm2ps-8.14.7/abcm2ps.c
Examining data/abcm2ps-8.14.7/abcm2ps.h
Examining data/abcm2ps-8.14.7/abcparse.c
Examining data/abcm2ps-8.14.7/buffer.c
Examining data/abcm2ps-8.14.7/deco.c
Examining data/abcm2ps-8.14.7/draw.c
Examining data/abcm2ps-8.14.7/format.c
Examining data/abcm2ps-8.14.7/front.c
Examining data/abcm2ps-8.14.7/glyph.c
Examining data/abcm2ps-8.14.7/music.c
Examining data/abcm2ps-8.14.7/parse.c
Examining data/abcm2ps-8.14.7/subs.c
Examining data/abcm2ps-8.14.7/svg.c
Examining data/abcm2ps-8.14.7/syms.c
FINAL RESULTS:
data/abcm2ps-8.14.7/abcm2ps.c:510:11: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((l = readlink("/proc/self/exe", exe, sizeof exe)) <= 0)
data/abcm2ps-8.14.7/abcm2ps.c:99:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, ext);
data/abcm2ps-8.14.7/abcm2ps.c:119:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&rfn[l], fn);
data/abcm2ps-8.14.7/abcm2ps.c:125:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rfn, fn);
data/abcm2ps-8.14.7/abcm2ps.c:134:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rfn, "%s%s", styd, fn);
data/abcm2ps-8.14.7/abcm2ps.c:136:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rfn, "%s%c%s", styd, DIRSEP, fn);
data/abcm2ps-8.14.7/abcm2ps.c:416:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, ext);
data/abcm2ps-8.14.7/abcm2ps.c:569:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tex_buf, /* this buffer is available */
data/abcm2ps-8.14.7/abcm2ps.c:669:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfn, aaa);
data/abcm2ps-8.14.7/abcm2ps.c:1005:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfn, aaa);
data/abcm2ps-8.14.7/abcm2ps.h:60:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/abcm2ps-8.14.7/abcm2ps.h:60:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/abcm2ps-8.14.7/abcm2ps.h:755:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)))
data/abcm2ps-8.14.7/abcm2ps.h:771:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)))
data/abcm2ps-8.14.7/abcm2ps.h:897:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)))
data/abcm2ps-8.14.7/abcparse.c:139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->text, text);
data/abcm2ps-8.14.7/abcparse.c:459:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.clef.name, str);
data/abcm2ps-8.14.7/abcparse.c:1075:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.tempo.str1, str);
data/abcm2ps-8.14.7/abcparse.c:1150:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.tempo.str2, str);
data/abcm2ps-8.14.7/abcparse.c:1289:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.voice.id, voice_tb[voice].id);
data/abcm2ps-8.14.7/abcparse.c:1328:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.voice.fname, tex_buf);
data/abcm2ps-8.14.7/abcparse.c:1333:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.voice.nname, tex_buf);
data/abcm2ps-8.14.7/abcparse.c:1523:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->text, repeat_value);
data/abcm2ps-8.14.7/abcparse.c:1731:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gch, is->text);
data/abcm2ps-8.14.7/abcparse.c:1733:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gch + n + 1, gchord);
data/abcm2ps-8.14.7/abcparse.c:1776:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gch, gchord);
data/abcm2ps-8.14.7/buffer.c:51:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)))
data/abcm2ps-8.14.7/buffer.c:72:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnm, outfn);
data/abcm2ps-8.14.7/buffer.c:75:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fnm, svg || epsf > 1 ? "Out.xhtml" : OUTPUTFILE);
data/abcm2ps-8.14.7/buffer.c:84:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&fnm[i], p);
data/abcm2ps-8.14.7/buffer.c:87:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&fnm[i + 1],
data/abcm2ps-8.14.7/buffer.c:107:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfnam, fnm);
data/abcm2ps-8.14.7/buffer.c:124:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, tex_buf);
data/abcm2ps-8.14.7/buffer.c:215:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
output = fprintf;
data/abcm2ps-8.14.7/buffer.c:347:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
d += sprintf(d, "%s", p);
data/abcm2ps-8.14.7/buffer.c:358:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
d += sprintf(d, "%s", tex_buf);
data/abcm2ps-8.14.7/buffer.c:362:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
d += sprintf(d, "%s", in_fname);
data/abcm2ps-8.14.7/buffer.c:385:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
d += sprintf(d, "%s", &info[*p - 'A']->text[2]);
data/abcm2ps-8.14.7/buffer.c:414:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
d += sprintf(d, "%s", tex_buf);
data/abcm2ps-8.14.7/buffer.c:417:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
d += sprintf(d,"abcm2ps-" VERSION);
data/abcm2ps-8.14.7/buffer.c:477:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, tex_buf);
data/abcm2ps-8.14.7/buffer.c:686:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfnam, outfn);
data/abcm2ps-8.14.7/buffer.c:688:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfnam, OUTPUTFILE);
data/abcm2ps-8.14.7/buffer.c:710:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outfnam, epsf == 1 ? ".eps" : ".svg");
data/abcm2ps-8.14.7/buffer.c:757:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
mbf += vsnprintf(mbf, outbuf + outbufsz - mbf, fmt, args);
data/abcm2ps-8.14.7/buffer.c:934:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outbuf, p);
data/abcm2ps-8.14.7/deco.c:815:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d->text, s);
data/abcm2ps-8.14.7/deco.c:943:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name2, name);
data/abcm2ps-8.14.7/deco.c:1595:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, dd->name);
data/abcm2ps-8.14.7/draw.c:951:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meter, "(\\%s)",
data/abcm2ps-8.14.7/draw.c:1650:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hd, "p%shd", acc_tb[acc & 0x07]);
data/abcm2ps-8.14.7/format.c:352:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->text, p);
data/abcm2ps-8.14.7/format.c:1364:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*((char **) fd->v), p);
data/abcm2ps-8.14.7/front.c:615:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, prefix_sav);
data/abcm2ps-8.14.7/front.c:852:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix_sav, prefix);
data/abcm2ps-8.14.7/parse.c:1352:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
new_txt += sprintf(new_txt, "%s", latin_names[i4]);
data/abcm2ps-8.14.7/parse.c:1353:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
new_txt += sprintf(new_txt, "%s", acc_name[i1]);
data/abcm2ps-8.14.7/parse.c:1379:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
new_txt += sprintf(new_txt, "%s", acc_name[i1]);
data/abcm2ps-8.14.7/parse.c:1382:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_txt, p);
data/abcm2ps-8.14.7/parse.c:1420:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(r + i + l, capo_txt, cfmt.capo);
data/abcm2ps-8.14.7/parse.c:1424:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r + i + l, q); // ending annotations
data/abcm2ps-8.14.7/parse.c:1909:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lyl->t, q);
data/abcm2ps-8.14.7/parse.c:2079:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p_voice3->id, p_voice2->id);
data/abcm2ps-8.14.7/parse.c:2635:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s->text);
data/abcm2ps-8.14.7/parse.c:3774:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->u.clef.name, str);
data/abcm2ps-8.14.7/parse.c:4720:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, op);
data/abcm2ps-8.14.7/parse.c:4724:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, fill ? " fill" : " stroke");
data/abcm2ps-8.14.7/parse.c:4732:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->text, buf);
data/abcm2ps-8.14.7/parse.c:5647:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, q);
data/abcm2ps-8.14.7/subs.c:90:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, sev == 0 ? "warning: " : "error: ");
data/abcm2ps-8.14.7/subs.c:92:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/abcm2ps-8.14.7/subs.c:353:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s", good_tb[i]);
data/abcm2ps-8.14.7/subs.c:1443:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
b += sprintf(b, "%s. ", r);
data/abcm2ps-8.14.7/subs.c:1451:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b, "%s %.*s", q + 2, (int) (q - p), p);
data/abcm2ps-8.14.7/subs.c:1453:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b, p);
data/abcm2ps-8.14.7/subs.c:1845:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t->text, "%%svg %s", s);
data/abcm2ps-8.14.7/subs.c:1848:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t->text, "%c%s", use, s);
data/abcm2ps-8.14.7/svg.c:870:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, type == SEQ ? " {" : " [");
data/abcm2ps-8.14.7/svg.c:876:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, type == SEQ ? " }" : " ]");
data/abcm2ps-8.14.7/svg.c:1165:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, svg_head1, w, h);
data/abcm2ps-8.14.7/svg.c:1168:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, svg_font_style_url, cfmt.musicfont);
data/abcm2ps-8.14.7/svg.c:1170:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, svg_font_style, cfmt.musicfont);
data/abcm2ps-8.14.7/svg.c:1218:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, svg_head3, "page", num);
data/abcm2ps-8.14.7/svg.c:1235:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fout, svg_head3, epsf ? "tune" : "page", num);
data/abcm2ps-8.14.7/svg.c:1428:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(path_buf, sizeof path_buf, fmt, args);
data/abcm2ps-8.14.7/svg.c:1441:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, path_buf);
data/abcm2ps-8.14.7/svg.c:4627:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tmp, sizeof tmp, fmt, args);
data/abcm2ps-8.14.7/abcm2ps.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outfn[FILENAME_MAX]; /* output file name */
data/abcm2ps-8.14.7/abcm2ps.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2]; /* start of memory area */
data/abcm2ps-8.14.7/abcm2ps.c:92:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) != NULL)
data/abcm2ps-8.14.7/abcm2ps.c:100:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fn, "rb")) != NULL)
data/abcm2ps-8.14.7/abcm2ps.c:149:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tex_buf, "stdin");
data/abcm2ps-8.14.7/abcm2ps.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fmtime, &sbuf.st_mtime, sizeof fmtime);
data/abcm2ps-8.14.7/abcm2ps.c:367:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file_tmp, p, l2);
data/abcm2ps-8.14.7/abcm2ps.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exe[512], *p;
data/abcm2ps-8.14.7/abcm2ps.c:516:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p - 4, "share/abcm2ps/");
data/abcm2ps-8.14.7/abcm2ps.c:522:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "tight.fmt");
data/abcm2ps-8.14.7/abcm2ps.c:523:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(exe, "r")) == NULL)
data/abcm2ps-8.14.7/abcm2ps.h:197:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *deco[256];
data/abcm2ps-8.14.7/abcm2ps.h:204:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *fontnames[MAXFONTS]; /* list of font names */
data/abcm2ps-8.14.7/abcm2ps.h:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[256]; /* word (dummy size) */
data/abcm2ps-8.14.7/abcm2ps.h:282:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char pits[MAXHD]; /* pitches / clef */
data/abcm2ps-8.14.7/abcm2ps.h:401:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char pits[8];
data/abcm2ps-8.14.7/abcm2ps.h:402:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char accs[8];
data/abcm2ps-8.14.7/abcm2ps.h:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char top[8]; /* top value */
data/abcm2ps-8.14.7/abcm2ps.h:414:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bot[2]; /* bottom value */
data/abcm2ps-8.14.7/abcm2ps.h:426:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[VOICE_ID_SZ]; /* voice ID */
data/abcm2ps-8.14.7/abcm2ps.h:491:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *deco_tb[DC_NAME_SZ]; /* decoration names */
data/abcm2ps-8.14.7/abcm2ps.h:589:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char outfn[FILENAME_MAX]; /* output file name */
data/abcm2ps-8.14.7/abcm2ps.h:605:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instr[2]; /* instrument pitch */
data/abcm2ps-8.14.7/abcm2ps.h:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[VOICE_ID_SZ]; /* voice id */
data/abcm2ps-8.14.7/abcparse.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_char_tb[128];
data/abcm2ps-8.14.7/abcparse.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *g_deco_tb[128]; /* global decoration names */
data/abcm2ps-8.14.7/abcparse.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char char_tb[256] = {
data/abcm2ps-8.14.7/abcparse.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_char_tb, char_tb, sizeof g_char_tb);
data/abcm2ps-8.14.7/abcparse.c:174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_deco_tb, parse.deco_tb, sizeof g_deco_tb);
data/abcm2ps-8.14.7/abcparse.c:175:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g_micro_tb, parse.micro_tb, sizeof g_micro_tb);
data/abcm2ps-8.14.7/abcparse.c:186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(char_tb, g_char_tb, sizeof g_char_tb);
data/abcm2ps-8.14.7/abcparse.c:187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parse.deco_tb, g_deco_tb, sizeof parse.deco_tb);
data/abcm2ps-8.14.7/abcparse.c:188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parse.micro_tb, g_micro_tb, sizeof parse.micro_tb);
data/abcm2ps-8.14.7/abcparse.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(char_tb, g_char_tb, sizeof g_char_tb);
data/abcm2ps-8.14.7/abcparse.c:283:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(p);
data/abcm2ps-8.14.7/abcparse.c:305:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(p)) {
data/abcm2ps-8.14.7/abcparse.c:401:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*t, q, l);
data/abcm2ps-8.14.7/abcparse.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/abcm2ps-8.14.7/abcparse.c:563:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char line_tb[7] =
data/abcm2ps-8.14.7/abcparse.c:838:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tex_buf, "%%voicemap ");
data/abcm2ps-8.14.7/abcparse.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, str[80];
data/abcm2ps-8.14.7/abcparse.c:1402:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tex_buf, "%%voicemap ");
data/abcm2ps-8.14.7/abcparse.c:1415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repeat_value[32];
data/abcm2ps-8.14.7/abcparse.c:1487:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.bar.dc, &dc, sizeof s->u.bar.dc);
data/abcm2ps-8.14.7/abcparse.c:1846:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qtb[10] = {0, 1, 3, 2, 3, 0, 2, 0, 3, 0};
data/abcm2ps-8.14.7/abcparse.c:1990:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc_sav, &dc, sizeof dc);
data/abcm2ps-8.14.7/abcparse.c:2006:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, &dc_sav, sizeof dc);
data/abcm2ps-8.14.7/abcparse.c:2291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, &dc_sav, sizeof dc);
data/abcm2ps-8.14.7/abcparse.c:2499:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->abc_type != ABC_T_MREST ? &s->u.note.dc
data/abcm2ps-8.14.7/buffer.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ln_buf[BUFFLN]; /* buffer location of buffered lines */
data/abcm2ps-8.14.7/buffer.c:30:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char ln_font[BUFFLN]; /* font of buffered lines */
data/abcm2ps-8.14.7/buffer.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outfnam[FILENAME_MAX]; /* internal file name for open/close */
data/abcm2ps-8.14.7/buffer.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnm[FILENAME_MAX];
data/abcm2ps-8.14.7/buffer.c:101:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&fnm[i + 1], "%03d.svg", ++nepsf);
data/abcm2ps-8.14.7/buffer.c:109:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(fnm, "w")) == NULL) {
data/abcm2ps-8.14.7/buffer.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TEX_BUF_SZ];
data/abcm2ps-8.14.7/buffer.c:397:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
d += sprintf(d, "%d", pagenum);
data/abcm2ps-8.14.7/buffer.c:409:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
d += sprintf(d, "%d", pagenum_nr);
data/abcm2ps-8.14.7/buffer.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048], str[TEX_BUF_SZ + 512];
data/abcm2ps-8.14.7/buffer.c:457:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f_sav, &cfmt.font_tb[0], sizeof f_sav);
data/abcm2ps-8.14.7/buffer.c:540:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cfmt.font_tb[0], &f_sav, sizeof cfmt.font_tb[0]);
data/abcm2ps-8.14.7/buffer.c:677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, title[80];
data/abcm2ps-8.14.7/buffer.c:708:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&outfnam[i + 1], "%03d", ++nepsf);
data/abcm2ps-8.14.7/buffer.c:711:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fout = fopen(outfnam, "w")) == NULL) {
data/abcm2ps-8.14.7/buffer.c:851:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BSIZE], *p, *q;
data/abcm2ps-8.14.7/buffer.c:860:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(p, "r")) == NULL) {
data/abcm2ps-8.14.7/buffer.c:898:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuf, p_buf, strlen(p_buf) + 1);
data/abcm2ps-8.14.7/deco.c:26:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *deco[256]; /* decoration names */
data/abcm2ps-8.14.7/deco.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ps_func_tb[128];
data/abcm2ps-8.14.7/deco.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *str_tb[32];
data/abcm2ps-8.14.7/deco.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[256]; // dummy size
data/abcm2ps-8.14.7/deco.c:839:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name2[32];
data/abcm2ps-8.14.7/deco.c:840:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps_func[16];
data/abcm2ps-8.14.7/deco.c:902:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str_tb[strx], text, l - 1);
data/abcm2ps-8.14.7/deco.c:2408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/abcm2ps-8.14.7/draw.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, s_orig, sizeof *s);
data/abcm2ps-8.14.7/draw.c:896:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *f, meter[64];
data/abcm2ps-8.14.7/draw.c:909:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(meter, "(%.8s)(%.2s)",
data/abcm2ps-8.14.7/draw.c:956:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(meter, "(%.8s)",
data/abcm2ps-8.14.7/draw.c:1281:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *rest_tb[NFLAGS_SZ] = {
data/abcm2ps-8.14.7/draw.c:1594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hd[32];
data/abcm2ps-8.14.7/draw.c:1727:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char y_tb[MAXHD];
data/abcm2ps-8.14.7/draw.c:3134:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mhead1[MAXHD], mhead2[MAXHD], mhead3[MAXHD];
data/abcm2ps-8.14.7/draw.c:3326:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tie, rtie, sizeof tie);
data/abcm2ps-8.14.7/draw.c:3617:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char workmap[70]; /* sharps/flats - base: lowest 'C' */
data/abcm2ps-8.14.7/draw.c:3618:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char basemap[7];
data/abcm2ps-8.14.7/draw.c:3625:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&workmap[7 * j], basemap, 7);
data/abcm2ps-8.14.7/draw.c:3643:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&workmap[7 * j], basemap, 7);
data/abcm2ps-8.14.7/draw.c:3649:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&workmap[7 * j], basemap, 7);
data/abcm2ps-8.14.7/draw.c:3903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char above_tb[MAXVOICE];
data/abcm2ps-8.14.7/draw.c:3904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rv_tb[MAXVOICE];
data/abcm2ps-8.14.7/draw.c:4248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *v[8];
data/abcm2ps-8.14.7/draw.c:4338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[MAXSTAFF];
data/abcm2ps-8.14.7/draw.c:4712:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->key, &s->u.key,
data/abcm2ps-8.14.7/draw.c:4786:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->meter, &s->u.meter,
data/abcm2ps-8.14.7/draw.c:4801:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->key, &s->u.key,
data/abcm2ps-8.14.7/format.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fontnames[MAXFONTS]; /* list of font names */
data/abcm2ps-8.14.7/format.c:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char font_enc[MAXFONTS]; /* font encoding */
data/abcm2ps-8.14.7/format.c:25:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char def_font_enc[MAXFONTS]; /* default font encoding */
data/abcm2ps-8.14.7/format.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char used_font[MAXFONTS]; /* used fonts */
data/abcm2ps-8.14.7/format.c:227:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cfmt.font_tb[i], f, sizeof cfmt.font_tb[0]);
data/abcm2ps-8.14.7/format.c:482:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *yn[2] = {"no","yes"};
data/abcm2ps-8.14.7/format.c:522:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16], *p;
data/abcm2ps-8.14.7/format.c:735:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80];
data/abcm2ps-8.14.7/format.c:793:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char pitch_tb[14] = {60, 62, 64, 65, 67, 69, 71,
data/abcm2ps-8.14.7/format.c:1054:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80];
data/abcm2ps-8.14.7/front.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prefix[4] = {'%'};
data/abcm2ps-8.14.7/front.c:97:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char *latin_tb[5] = {
data/abcm2ps-8.14.7/front.c:117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + offset, s, sz);
data/abcm2ps-8.14.7/front.c:125:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *p, c, tmp[4];
data/abcm2ps-8.14.7/front.c:460:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tex_buf, s, ret);
data/abcm2ps-8.14.7/front.c:480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix_sav[4];
data/abcm2ps-8.14.7/glyph.c:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *c2[64] = {
data/abcm2ps-8.14.7/glyph.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *c3[64] = {
data/abcm2ps-8.14.7/glyph.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *c4[64] = {
data/abcm2ps-8.14.7/glyph.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *c5[64] = {
data/abcm2ps-8.14.7/glyph.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *ce[64] = {
data/abcm2ps-8.14.7/glyph.c:101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *e299[64] = {
data/abcm2ps-8.14.7/glyph.c:112:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char **e2[64] = {
data/abcm2ps-8.14.7/glyph.c:123:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *f09d84[64] = {
data/abcm2ps-8.14.7/glyph.c:135:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char **f09d[64] = {
data/abcm2ps-8.14.7/glyph.c:145:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ***f0[64] = {
data/abcm2ps-8.14.7/glyph.c:157:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char **utf_1[62] = {
data/abcm2ps-8.14.7/glyph.c:190:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
g = (char **) utf_1[i1];
data/abcm2ps-8.14.7/glyph.c:192:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
g = (char **) g[i2];
data/abcm2ps-8.14.7/glyph.c:194:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
g = (char **) g[i3];
data/abcm2ps-8.14.7/glyph.c:196:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
g = (char **) g[i4];
data/abcm2ps-8.14.7/glyph.c:248:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
g = (char **) g1[i2];
data/abcm2ps-8.14.7/glyph.c:257:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
g1 = (char **) g[i3];
data/abcm2ps-8.14.7/music.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rest_sp[NFLAGS_SZ][2] = {
data/abcm2ps-8.14.7/music.c:449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.note.notes[nhd + 1],
data/abcm2ps-8.14.7/music.c:452:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->pits[nhd + 1], s2->pits,
data/abcm2ps-8.14.7/music.c:501:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.note.dc.tm[n],
data/abcm2ps-8.14.7/music.c:1748:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, g, sizeof *s);
data/abcm2ps-8.14.7/music.c:2619:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p_voice->s_clef,
data/abcm2ps-8.14.7/music.c:2726:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char staff_delta[MAXSTAFF];
data/abcm2ps-8.14.7/music.c:2727:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char delta_tb[4] = {
data/abcm2ps-8.14.7/music.c:3246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.clef, &staff_tb[staff].s_clef->u.clef,
data/abcm2ps-8.14.7/music.c:3297:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.key, &p_voice->key, sizeof s->u.key);
data/abcm2ps-8.14.7/music.c:3320:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.meter, &p_voice->meter,
data/abcm2ps-8.14.7/music.c:3512:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char delpit[4] = {0, -7, -14, 0};
data/abcm2ps-8.14.7/music.c:4631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[MAXSTAFF], empty_gl[MAXSTAFF];
data/abcm2ps-8.14.7/parse.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *deco_glob[256]; /* global decoration table */
data/abcm2ps-8.14.7/parse.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char w_tb[NSYMTYPES] = { /* !! index = symbol type !! */
data/abcm2ps-8.14.7/parse.c:110:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char cde2fcg[7] = {0, 2, 4, -1, 1, 3, 5};
data/abcm2ps-8.14.7/parse.c:111:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cgd2cde[7] = {0, 4, 1, 5, 2, 6, 3};
data/abcm2ps-8.14.7/parse.c:174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, &s->u.bar.dc, sizeof dc);
data/abcm2ps-8.14.7/parse.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s2->u.note.dc, &dc, sizeof s2->u.note.dc);
data/abcm2ps-8.14.7/parse.c:219:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char vn[MAXVOICE]; /* voice indexed by range */
data/abcm2ps-8.14.7/parse.c:521:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, sizeof *s2);
data/abcm2ps-8.14.7/parse.c:606:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, sizeof *s2);
data/abcm2ps-8.14.7/parse.c:629:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g2, g, sizeof *g2);
data/abcm2ps-8.14.7/parse.c:636:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g2, g, sizeof *g2);
data/abcm2ps-8.14.7/parse.c:679:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_sy, parsys, sizeof *new_sy);
data/abcm2ps-8.14.7/parse.c:789:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&voice_tb[s2->voice].key, &s2->u.key,
data/abcm2ps-8.14.7/parse.c:793:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&voice_tb[s2->voice].meter, &s2->u.meter,
data/abcm2ps-8.14.7/parse.c:1128:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char acc1[6] = {0, 1, 0, -1, 2, -2};
data/abcm2ps-8.14.7/parse.c:1129:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char acc2[5] = {A_DF, A_FT, A_NT, A_SH, A_DS};
data/abcm2ps-8.14.7/parse.c:1265:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *latin_names[7] =
data/abcm2ps-8.14.7/parse.c:1267:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *acc_name[5] = {"bb", "b", "", "#", "##"};
data/abcm2ps-8.14.7/parse.c:1328:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_txt, s->text, l);
data/abcm2ps-8.14.7/parse.c:1723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[128], *p, *q;
data/abcm2ps-8.14.7/parse.c:2054:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice2->key, &p_voice->key,
data/abcm2ps-8.14.7/parse.c:2056:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice2->ckey, &p_voice->ckey,
data/abcm2ps-8.14.7/parse.c:2058:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice2->okey, &p_voice->okey,
data/abcm2ps-8.14.7/parse.c:2409:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p_voice2, p_voice, sizeof *p_voice2);
data/abcm2ps-8.14.7/parse.c:2696:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s1, sizeof *s2);
data/abcm2ps-8.14.7/parse.c:2746:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, sizeof *s2);
data/abcm2ps-8.14.7/parse.c:2859:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map, omap, sizeof *map);
data/abcm2ps-8.14.7/parse.c:2864:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(notes, onotes, sizeof *notes);
data/abcm2ps-8.14.7/parse.c:3111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dfmt, &cfmt, sizeof dfmt); /* save global values */
data/abcm2ps-8.14.7/parse.c:3112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&info_glob, &info, sizeof info_glob);
data/abcm2ps-8.14.7/parse.c:3113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(deco_glob, deco, sizeof deco_glob);
data/abcm2ps-8.14.7/parse.c:3648:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cfmt, &dfmt, sizeof cfmt); /* restore global values */
data/abcm2ps-8.14.7/parse.c:3649:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&info, &info_glob, sizeof info);
data/abcm2ps-8.14.7/parse.c:3650:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(deco, deco_glob, sizeof deco);
data/abcm2ps-8.14.7/parse.c:3761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/abcm2ps-8.14.7/parse.c:3903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accs[8], pits[8];
data/abcm2ps-8.14.7/parse.c:3904:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sharp_tb[8] = {26, 23, 27, 24, 21, 25, 22};
data/abcm2ps-8.14.7/parse.c:3905:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char flat_tb[8] = {22, 25, 21, 24, 20, 23, 26};
data/abcm2ps-8.14.7/parse.c:3971:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&okey, &s->u.key, sizeof okey);
data/abcm2ps-8.14.7/parse.c:3991:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&voice.ckey, &s->u.key, sizeof voice.ckey);
data/abcm2ps-8.14.7/parse.c:3996:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(note.u.note.pits, voice.ckey.pits,
data/abcm2ps-8.14.7/parse.c:3998:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(note.u.note.accs, voice.ckey.accs,
data/abcm2ps-8.14.7/parse.c:4004:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->u.key.pits, note.u.note.pits,
data/abcm2ps-8.14.7/parse.c:4006:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->u.key.accs, note.u.note.accs,
data/abcm2ps-8.14.7/parse.c:4021:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->key, &s->u.key,
data/abcm2ps-8.14.7/parse.c:4023:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->ckey, &s->u.key,
data/abcm2ps-8.14.7/parse.c:4025:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->okey, &okey,
data/abcm2ps-8.14.7/parse.c:4044:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->key, &s->u.key,
data/abcm2ps-8.14.7/parse.c:4046:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->ckey, &s->u.key,
data/abcm2ps-8.14.7/parse.c:4048:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->okey, &okey,
data/abcm2ps-8.14.7/parse.c:4081:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->ckey, &s->u.key,
data/abcm2ps-8.14.7/parse.c:4083:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->okey, &okey,
data/abcm2ps-8.14.7/parse.c:4117:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->meter, &s->u.meter,
data/abcm2ps-8.14.7/parse.c:4125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->meter, &s->u.meter,
data/abcm2ps-8.14.7/parse.c:4264:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char new_order[MAXHD], inv_order[MAXHD];
data/abcm2ps-8.14.7/parse.c:4273:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v_note, &s->u.note.notes[i],
data/abcm2ps-8.14.7/parse.c:4275:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.note.notes[i], &s->u.note.notes[i - 1],
data/abcm2ps-8.14.7/parse.c:4277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->u.note.notes[i - 1], &v_note,
data/abcm2ps-8.14.7/parse.c:4520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32], *r = tmp;
data/abcm2ps-8.14.7/parse.c:4572:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r, "{gsave T ");
data/abcm2ps-8.14.7/parse.c:4589:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
r += sprintf(r, "%.2f %.2f T ", x, -y);
data/abcm2ps-8.14.7/parse.c:4591:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
r += sprintf(r, "%.2f %.2f scale ", x1, y1);
data/abcm2ps-8.14.7/parse.c:4593:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
r += sprintf(r, "%.2f %.2f T %.2f %.2f scale ",
data/abcm2ps-8.14.7/parse.c:4596:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
r += sprintf(r, "%.2f %.2f scale %.2f %.2f T ",
data/abcm2ps-8.14.7/parse.c:4599:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r, "0 0 M\n");
data/abcm2ps-8.14.7/parse.c:4684:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
r += sprintf(r, " %.2f %.2f %.2f %.2f",
data/abcm2ps-8.14.7/parse.c:4695:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
r += sprintf(r, " %.2f %.2f %.2f %.2f",
data/abcm2ps-8.14.7/parse.c:4726:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r, "\ngrestore}!");
data/abcm2ps-8.14.7/parse.c:5161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[32], *p, *q;
data/abcm2ps-8.14.7/parse.c:5312:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[STRL1], line[STRL1];
data/abcm2ps-8.14.7/parse.c:5443:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pagenum = atoi(p);
data/abcm2ps-8.14.7/parse.c:5490:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(p);
data/abcm2ps-8.14.7/parse.c:5505:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(p);
data/abcm2ps-8.14.7/parse.c:5533:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(p);
data/abcm2ps-8.14.7/parse.c:5542:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(w, "measurefirst");
data/abcm2ps-8.14.7/parse.c:5593:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
staff = curvoice->cstaff + atoi(p + 1);
data/abcm2ps-8.14.7/parse.c:5595:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
staff = curvoice->cstaff - atoi(p + 1);
data/abcm2ps-8.14.7/parse.c:5597:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
staff = atoi(p) - 1;
data/abcm2ps-8.14.7/parse.c:5627:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(p)) {
data/abcm2ps-8.14.7/parse.c:5775:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->key, &p_voice->okey,
data/abcm2ps-8.14.7/parse.c:5778:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p_voice->ckey, &p_voice->key,
data/abcm2ps-8.14.7/parse.c:5789:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->key, &curvoice->okey,
data/abcm2ps-8.14.7/parse.c:5792:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->ckey, &curvoice->key,
data/abcm2ps-8.14.7/parse.c:5817:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s2->u.key, &curvoice->okey,
data/abcm2ps-8.14.7/parse.c:5820:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&curvoice->ckey, &s2->u.key,
data/abcm2ps-8.14.7/subs.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tex_buf[TEX_BUF_SZ]; /* result of tex_str() */
data/abcm2ps-8.14.7/subs.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[2];
data/abcm2ps-8.14.7/subs.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font_name[128], *p, *q;
data/abcm2ps-8.14.7/subs.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/abcm2ps-8.14.7/subs.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/abcm2ps-8.14.7/subs.c:1002:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *p, *q;
data/abcm2ps-8.14.7/subs.c:1370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[265];
data/abcm2ps-8.14.7/subs.c:1410:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[STRL1];
data/abcm2ps-8.14.7/subs.c:1500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inf_nb[26];
data/abcm2ps-8.14.7/subs.c:1502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inf_ft[26];
data/abcm2ps-8.14.7/subs.c:1504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/abcm2ps-8.14.7/subs.c:1516:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inf_s, info, sizeof inf_s);
data/abcm2ps-8.14.7/subs.c:1626:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *r;
data/abcm2ps-8.14.7/subs.c:1871:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[BSIZE];
data/abcm2ps-8.14.7/subs.c:1873:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(p + 1, "r")) == NULL) {
data/abcm2ps-8.14.7/svg.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path_buf[256];
data/abcm2ps-8.14.7/svg.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dash[64];
data/abcm2ps-8.14.7/svg.c:1251:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gold, &gcur, sizeof gold);
data/abcm2ps-8.14.7/svg.c:1382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gold, &gcur, sizeof gold);
data/abcm2ps-8.14.7/svg.c:1674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4], *s, *p, *q;
data/abcm2ps-8.14.7/svg.c:2784:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&e->u.s[1], &s[n + 1], count);
data/abcm2ps-8.14.7/svg.c:2826:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gcur, &gsave[--nsave], sizeof gcur);
data/abcm2ps-8.14.7/svg.c:2840:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gsave[nsave++], &gcur, sizeof gsave[0]);
data/abcm2ps-8.14.7/svg.c:3682:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&e3->u.s[1],
data/abcm2ps-8.14.7/svg.c:3753:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " stroke-dashoffset=\"%d\"", n);
data/abcm2ps-8.14.7/svg.c:3754:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, " stroke-dasharray=\"");
data/abcm2ps-8.14.7/svg.c:3766:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", (int) e->u.v);
data/abcm2ps-8.14.7/svg.c:4605:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, q, l);
data/abcm2ps-8.14.7/svg.c:4624:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/abcm2ps-8.14.7/abcm2ps.c:98:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, ".");
data/abcm2ps-8.14.7/abcm2ps.c:118:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rfn, in_fname, l);
data/abcm2ps-8.14.7/abcm2ps.c:132:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(styd) - 1;
data/abcm2ps-8.14.7/abcm2ps.c:229:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(abc_fn);
data/abcm2ps-8.14.7/abcm2ps.c:413:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, ".");
data/abcm2ps-8.14.7/abcm2ps.c:565:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(w) + strlen(v) >= TEX_BUF_SZ - 10) {
data/abcm2ps-8.14.7/abcm2ps.c:565:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(w) + strlen(v) >= TEX_BUF_SZ - 10) {
data/abcm2ps-8.14.7/abcm2ps.c:647:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) - 1;
data/abcm2ps-8.14.7/abcm2ps.c:663:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) - 1;
data/abcm2ps-8.14.7/abcm2ps.c:665:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aaa) >= sizeof outfn) {
data/abcm2ps-8.14.7/abcm2ps.c:677:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) - 1; /* skip */
data/abcm2ps-8.14.7/abcm2ps.c:730:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(p) - 1;
data/abcm2ps-8.14.7/abcm2ps.c:933:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) - 1; /* stop */
data/abcm2ps-8.14.7/abcm2ps.c:937:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(aaa); j++) {
data/abcm2ps-8.14.7/abcm2ps.c:980:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (aaa[strlen(aaa) - 1] == 'b')
data/abcm2ps-8.14.7/abcm2ps.c:1001:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aaa) >= sizeof outfn) {
data/abcm2ps-8.14.7/abcparse.c:138:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->text = getarena(strlen(text) + 1);
data/abcm2ps-8.14.7/abcparse.c:325:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*p_stlines, q, l);
data/abcm2ps-8.14.7/abcparse.c:387:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(*t) == l
data/abcm2ps-8.14.7/abcparse.c:458:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->u.clef.name = getarena(strlen(str) + 1);
data/abcm2ps-8.14.7/abcparse.c:1074:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->u.tempo.str1 = getarena(strlen(str) + 1);
data/abcm2ps-8.14.7/abcparse.c:1149:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->u.tempo.str2 = getarena(strlen(str) + 1);
data/abcm2ps-8.14.7/abcparse.c:1286:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(voice_tb[voice].id, id, sizeof voice_tb[voice].id - 1);
data/abcm2ps-8.14.7/abcparse.c:1327:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->u.voice.fname = getarena(strlen(tex_buf) + 1);
data/abcm2ps-8.14.7/abcparse.c:1332:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->u.voice.nname = getarena(strlen(tex_buf) + 1);
data/abcm2ps-8.14.7/abcparse.c:1522:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->text = getarena(strlen(repeat_value) + 1);
data/abcm2ps-8.14.7/abcparse.c:1729:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(is->text);
data/abcm2ps-8.14.7/abcparse.c:1730:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gch = getarena(n + strlen(gchord) + 2);
data/abcm2ps-8.14.7/abcparse.c:1774:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(gchord);
data/abcm2ps-8.14.7/abcparse.c:1778:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&gch[l2], q, l);
data/abcm2ps-8.14.7/abcparse.c:1783:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gchord, q, l);
data/abcm2ps-8.14.7/abcparse.c:1960:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = p[strlen(p) - 1];
data/abcm2ps-8.14.7/abcparse.c:2601:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(abc_line);
data/abcm2ps-8.14.7/buffer.c:73:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(fnm) - 1;
data/abcm2ps-8.14.7/buffer.c:98:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(fnm) - 1;
data/abcm2ps-8.14.7/buffer.c:196:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(version); i++) {
data/abcm2ps-8.14.7/buffer.c:491:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(tmp, strlen(tmp));
data/abcm2ps-8.14.7/buffer.c:508:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(tmp, strlen(tmp));
data/abcm2ps-8.14.7/buffer.c:523:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(tmp, strlen(tmp));
data/abcm2ps-8.14.7/buffer.c:690:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(outfnam) - 1;
data/abcm2ps-8.14.7/buffer.c:702:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&outfnam[i], p, sizeof outfnam - i - 4);
data/abcm2ps-8.14.7/buffer.c:870:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(line, strlen(line));
data/abcm2ps-8.14.7/buffer.c:884:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(line, 1, strlen(line), fout);
data/abcm2ps-8.14.7/buffer.c:898:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(outbuf, p_buf, strlen(p_buf) + 1);
data/abcm2ps-8.14.7/buffer.c:899:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mbf = &outbuf[strlen(outbuf)];
data/abcm2ps-8.14.7/deco.c:813:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/abcm2ps-8.14.7/deco.c:843:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(text, "%15s %d %15s %d %d %d%n",
data/abcm2ps-8.14.7/deco.c:900:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(text);
data/abcm2ps-8.14.7/deco.c:934:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(name);
data/abcm2ps-8.14.7/deco.c:1027:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(name);
data/abcm2ps-8.14.7/deco.c:1157:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dd->name) >= 4
data/abcm2ps-8.14.7/deco.c:1191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dd->name) != 5)
data/abcm2ps-8.14.7/deco.c:1221:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dd->name) != 7
data/abcm2ps-8.14.7/deco.c:1237:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(dd->name);
data/abcm2ps-8.14.7/deco.c:1250:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dd->name) < 6) {
data/abcm2ps-8.14.7/deco.c:1361:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(gl);
data/abcm2ps-8.14.7/deco.c:1364:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(gl);
data/abcm2ps-8.14.7/deco.c:1593:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(dd->name);
data/abcm2ps-8.14.7/draw.c:857:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(stafflines);
data/abcm2ps-8.14.7/draw.c:905:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s->u.meter.meter[i].top);
data/abcm2ps-8.14.7/draw.c:913:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(s->u.meter.meter[i].bot);
data/abcm2ps-8.14.7/draw.c:996:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(stafflines);
data/abcm2ps-8.14.7/draw.c:1345:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(stafflines);
data/abcm2ps-8.14.7/draw.c:3793:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p) - 1;
data/abcm2ps-8.14.7/format.c:351:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->text = (char *) getarena(strlen(p) + 1);
data/abcm2ps-8.14.7/format.c:961:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(w);
data/abcm2ps-8.14.7/format.c:1179:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(p);
data/abcm2ps-8.14.7/format.c:1359:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(p) + 1;
data/abcm2ps-8.14.7/music.c:82:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = p + strlen(p);
data/abcm2ps-8.14.7/music.c:929:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ((isdigit((unsigned char) *p) && strlen(p) > 2)
data/abcm2ps-8.14.7/music.c:1196:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(s->text) < 4)
data/abcm2ps-8.14.7/music.c:1255:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s->u.meter.meter[i].top);
data/abcm2ps-8.14.7/music.c:1265:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(s->u.meter.meter[i].bot);
data/abcm2ps-8.14.7/music.c:2553:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
staff_clef[staff].mid = (strlen(sy->staff[staff].stafflines) - 1) * 3;
data/abcm2ps-8.14.7/music.c:2593:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(sy->staff[staff].stafflines) - 1) * 3;
data/abcm2ps-8.14.7/music.c:4704:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(stafflines);
data/abcm2ps-8.14.7/parse.c:1326:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_txt = getarena(strlen(s->text) + 6);
data/abcm2ps-8.14.7/parse.c:1409:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/abcm2ps-8.14.7/parse.c:1412:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
li = strlen(capo_txt);
data/abcm2ps-8.14.7/parse.c:1414:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = (char *) getarena(strlen(s->text) + l + li + 1);
data/abcm2ps-8.14.7/parse.c:1416:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r, s->text, i); // annotations + chord symbol
data/abcm2ps-8.14.7/parse.c:1418:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r + i, p, l); // capo
data/abcm2ps-8.14.7/parse.c:1634:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/abcm2ps-8.14.7/parse.c:1905:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(q) + 1);
data/abcm2ps-8.14.7/parse.c:2625:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(s2->text) + 1;
data/abcm2ps-8.14.7/parse.c:2636:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/abcm2ps-8.14.7/parse.c:3773:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->u.clef.name = (char *) getarena(strlen(str) + 1);
data/abcm2ps-8.14.7/parse.c:4570:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r, id + 4, idsz);
data/abcm2ps-8.14.7/parse.c:4573:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(r);
data/abcm2ps-8.14.7/parse.c:4600:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(r);
data/abcm2ps-8.14.7/parse.c:4721:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(r);
data/abcm2ps-8.14.7/parse.c:4725:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(r);
data/abcm2ps-8.14.7/parse.c:4727:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(r);
data/abcm2ps-8.14.7/parse.c:4731:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->text = getarena(strlen(buf) + 1);
data/abcm2ps-8.14.7/parse.c:4904:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(col_tb[i].name)) == 0)
data/abcm2ps-8.14.7/parse.c:4920:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch (p[strlen(p) - 1]) {
data/abcm2ps-8.14.7/parse.c:5057:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(map->name, name, l);
data/abcm2ps-8.14.7/parse.c:5116:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(note_map->heads, name, l);
data/abcm2ps-8.14.7/parse.c:5134:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(note_map->heads, name, l);
data/abcm2ps-8.14.7/parse.c:5167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = p + strlen(p) - 5;
data/abcm2ps-8.14.7/parse.c:5615:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p[strlen(p) - 1] == 'f')
data/abcm2ps-8.14.7/parse.c:5644:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/abcm2ps-8.14.7/parse.c:5992:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt = malloc(sizeof *opt + strlen(p));
data/abcm2ps-8.14.7/subs.c:352:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(q, bad_tb[i], strlen(bad_tb[i])) == 0) {
data/abcm2ps-8.14.7/subs.c:354:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen(bad_tb[i]);
data/abcm2ps-8.14.7/subs.c:372:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 1, p, strlen(p) + 1);
data/abcm2ps-8.14.7/subs.c:377:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 1, p, strlen(p) + 1);
data/abcm2ps-8.14.7/subs.c:382:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 1, p, strlen(p) + 1);
data/abcm2ps-8.14.7/subs.c:1013:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p, sizeof buf - 1);
data/abcm2ps-8.14.7/subs.c:1014:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = buf + strlen(buf);
data/abcm2ps-8.14.7/subs.c:1019:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(q, p, buf + sizeof buf - 2 - q);
data/abcm2ps-8.14.7/subs.c:1020:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen(q);
data/abcm2ps-8.14.7/subs.c:1293:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(p) > max2col) {
data/abcm2ps-8.14.7/subs.c:1419:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q) > 7 /* word no more than 5 characters */
data/abcm2ps-8.14.7/subs.c:1423:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q) > cfmt.titletrim - 2)
data/abcm2ps-8.14.7/subs.c:1439:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) + strlen(r) + 3 >= sizeof buf) {
data/abcm2ps-8.14.7/subs.c:1439:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) + strlen(r) + 3 >= sizeof buf) {
data/abcm2ps-8.14.7/subs.c:1445:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) >= sizeof buf) {
data/abcm2ps-8.14.7/subs.c:1635:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, q, sizeof buf - 1);
data/abcm2ps-8.14.7/subs.c:1637:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(buf);
data/abcm2ps-8.14.7/subs.c:1650:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = buf + strlen(buf);
data/abcm2ps-8.14.7/subs.c:1651:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r, q, buf + sizeof buf - r - 1);
data/abcm2ps-8.14.7/subs.c:1842:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/abcm2ps-8.14.7/subs.c:1895:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(p + 1, strlen(p + 1));
data/abcm2ps-8.14.7/subs.c:1904:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(p + 1, strlen(&t->text[1]));
data/abcm2ps-8.14.7/svg.c:1274:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(s, strlen(s));
data/abcm2ps-8.14.7/svg.c:1431:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = malloc(strlen(path_buf) + 1);
data/abcm2ps-8.14.7/svg.c:1434:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = realloc(path, strlen(path) + strlen(path_buf) + 1);
data/abcm2ps-8.14.7/svg.c:1434:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = realloc(path, strlen(path) + strlen(path_buf) + 1);
data/abcm2ps-8.14.7/svg.c:1435:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = path + strlen(path);
data/abcm2ps-8.14.7/svg.c:1506:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(defs);
data/abcm2ps-8.14.7/svg.c:1511:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(defs + i, id, idsz);
data/abcm2ps-8.14.7/svg.c:1756:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + strlen(p) + 1; /* next string of gxshow */
data/abcm2ps-8.14.7/svg.c:2062:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = 7 * strlen(s);
data/abcm2ps-8.14.7/svg.c:2324:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(s, strlen(s));
data/abcm2ps-8.14.7/svg.c:2727:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned) n >= strlen(s) - 1) {
data/abcm2ps-8.14.7/svg.c:2772:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned) n >= strlen(s)
data/abcm2ps-8.14.7/svg.c:2773:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (unsigned) count >= strlen(s) - n) {
data/abcm2ps-8.14.7/svg.c:3031:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->u.v = strlen(s + 1);
data/abcm2ps-8.14.7/svg.c:3354:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned) n >= strlen(s) - 1) {
data/abcm2ps-8.14.7/svg.c:3674:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen(e->u.s);
data/abcm2ps-8.14.7/svg.c:3675:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l3 = strlen(e2->u.s) - l2 - l1 + 2;
data/abcm2ps-8.14.7/svg.c:3770:4: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(p, "\"");
data/abcm2ps-8.14.7/svg.c:4355:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && s[-1] == '"' && s[strlen(op)] == '"') {
data/abcm2ps-8.14.7/svg.c:4629:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
svg_write(tmp, strlen(tmp));
data/abcm2ps-8.14.7/syms.c:884:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = q + strlen(p) - 1; // ')'
ANALYSIS SUMMARY:
Hits = 489
Lines analyzed = 35038 in approximately 0.83 seconds (42196 lines/second)
Physical Source Lines of Code (SLOC) = 30857
Hits@level = [0] 338 [1] 146 [2] 256 [3] 0 [4] 86 [5] 1
Hits@level+ = [0+] 827 [1+] 489 [2+] 343 [3+] 87 [4+] 87 [5+] 1
Hits/KSLOC@level+ = [0+] 26.8011 [1+] 15.8473 [2+] 11.1158 [3+] 2.81946 [4+] 2.81946 [5+] 0.0324076
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.