Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/argyll-2.0.1+repack/render/render.c
Examining data/argyll-2.0.1+repack/render/screens.h
Examining data/argyll-2.0.1+repack/render/thscreen.h
Examining data/argyll-2.0.1+repack/render/timage.c
Examining data/argyll-2.0.1+repack/render/render.h
Examining data/argyll-2.0.1+repack/render/thscreen.c
Examining data/argyll-2.0.1+repack/yajl/yajl_encode.c
Examining data/argyll-2.0.1+repack/yajl/json_verify.c
Examining data/argyll-2.0.1+repack/yajl/yajl_common.h
Examining data/argyll-2.0.1+repack/yajl/yajl_version.c
Examining data/argyll-2.0.1+repack/yajl/yajl_tree.c
Examining data/argyll-2.0.1+repack/yajl/yajl_parse.h
Examining data/argyll-2.0.1+repack/yajl/yajl_parser.h
Examining data/argyll-2.0.1+repack/yajl/yajl_tree.h
Examining data/argyll-2.0.1+repack/yajl/yajl_gen.c
Examining data/argyll-2.0.1+repack/yajl/yajl_buf.h
Examining data/argyll-2.0.1+repack/yajl/yajl_gen.h
Examining data/argyll-2.0.1+repack/yajl/yajl_buf.c
Examining data/argyll-2.0.1+repack/yajl/yajl.h
Examining data/argyll-2.0.1+repack/yajl/yajl.c
Examining data/argyll-2.0.1+repack/yajl/yajl_alloc.c
Examining data/argyll-2.0.1+repack/yajl/yajl_test.c
Examining data/argyll-2.0.1+repack/yajl/yajl_bytestack.h
Examining data/argyll-2.0.1+repack/yajl/yajl_lex.c
Examining data/argyll-2.0.1+repack/yajl/yajl_alloc.h
Examining data/argyll-2.0.1+repack/yajl/yajl_parser.c
Examining data/argyll-2.0.1+repack/yajl/yajl_encode.h
Examining data/argyll-2.0.1+repack/yajl/yajl_lex.h
Examining data/argyll-2.0.1+repack/yajl/yajl_version.h
Examining data/argyll-2.0.1+repack/ccast/ccast.c
Examining data/argyll-2.0.1+repack/ccast/ccpacket.h
Examining data/argyll-2.0.1+repack/ccast/filt.c
Examining data/argyll-2.0.1+repack/ccast/ccast.h
Examining data/argyll-2.0.1+repack/ccast/ccmdns.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/bigint.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/cert.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/bigint_impl.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/tls1.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/p12.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/bigint.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/tls1.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/ssl.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/x509.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/md5.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/asn1.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/openssl.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/rsa.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/sha1.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/private_key.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/os_port.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/md2.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/aes.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/os_int.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/axTLS_config.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/axTLS_version.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/crypto.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/rc4.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/loader.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/os_port.h
Examining data/argyll-2.0.1+repack/ccast/axTLS/hmac.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c
Examining data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c
Examining data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c
Examining data/argyll-2.0.1+repack/ccast/chan/cast_channel.pb-c.h
Examining data/argyll-2.0.1+repack/ccast/chan/cast_channel.pb-c.c
Examining data/argyll-2.0.1+repack/ccast/chan/protobuf-c.h
Examining data/argyll-2.0.1+repack/ccast/ccmes.h
Examining data/argyll-2.0.1+repack/ccast/dpat.c
Examining data/argyll-2.0.1+repack/ccast/cctest.c
Examining data/argyll-2.0.1+repack/ccast/ccmes.c
Examining data/argyll-2.0.1+repack/ccast/ccmdns.c
Examining data/argyll-2.0.1+repack/ccast/ccpacket.c
Examining data/argyll-2.0.1+repack/spectro/xrga.c
Examining data/argyll-2.0.1+repack/spectro/kleink10.h
Examining data/argyll-2.0.1+repack/spectro/oeminst.c
Examining data/argyll-2.0.1+repack/spectro/dtp41.h
Examining data/argyll-2.0.1+repack/spectro/usbio_bsd.c
Examining data/argyll-2.0.1+repack/spectro/dtp51.h
Examining data/argyll-2.0.1+repack/spectro/webwin.h
Examining data/argyll-2.0.1+repack/spectro/dev.h
Examining data/argyll-2.0.1+repack/spectro/synthcal.c
Examining data/argyll-2.0.1+repack/spectro/aglob.h
Examining data/argyll-2.0.1+repack/spectro/insttypes.h
Examining data/argyll-2.0.1+repack/spectro/insttypes.c
Examining data/argyll-2.0.1+repack/spectro/munki.h
Examining data/argyll-2.0.1+repack/spectro/aglob.c
Examining data/argyll-2.0.1+repack/spectro/LzmaDec.c
Examining data/argyll-2.0.1+repack/spectro/icoms.h
Examining data/argyll-2.0.1+repack/spectro/icoms_ux.c
Examining data/argyll-2.0.1+repack/spectro/madvrwin.h
Examining data/argyll-2.0.1+repack/spectro/colorhug.h
Examining data/argyll-2.0.1+repack/spectro/icoms_nt.c
Examining data/argyll-2.0.1+repack/spectro/inst.c
Examining data/argyll-2.0.1+repack/spectro/ex1.h
Examining data/argyll-2.0.1+repack/spectro/conv.h
Examining data/argyll-2.0.1+repack/spectro/dtp20.h
Examining data/argyll-2.0.1+repack/spectro/sa_conv.h
Examining data/argyll-2.0.1+repack/spectro/LzmaTypes.h
Examining data/argyll-2.0.1+repack/spectro/mongoose.h
Examining data/argyll-2.0.1+repack/spectro/icoms.c
Examining data/argyll-2.0.1+repack/spectro/dtp92.h
Examining data/argyll-2.0.1+repack/spectro/dispwin.h
Examining data/argyll-2.0.1+repack/spectro/inflate.c
Examining data/argyll-2.0.1+repack/spectro/oemarch.h
Examining data/argyll-2.0.1+repack/spectro/i1d3.h
Examining data/argyll-2.0.1+repack/spectro/disptechs.c
Examining data/argyll-2.0.1+repack/spectro/base64.c
Examining data/argyll-2.0.1+repack/spectro/xdg_bds.h
Examining data/argyll-2.0.1+repack/spectro/inst.h
Examining data/argyll-2.0.1+repack/spectro/sa_conv.c
Examining data/argyll-2.0.1+repack/spectro/iusb.h
Examining data/argyll-2.0.1+repack/spectro/hcfr.h
Examining data/argyll-2.0.1+repack/spectro/hcfr.c
Examining data/argyll-2.0.1+repack/spectro/usbio.h
Examining data/argyll-2.0.1+repack/spectro/huey.h
Examining data/argyll-2.0.1+repack/spectro/insttypeinst.h
Examining data/argyll-2.0.1+repack/spectro/vtpgluttypes.h
Examining data/argyll-2.0.1+repack/spectro/hidio.h
Examining data/argyll-2.0.1+repack/spectro/usbio_ox.c
Examining data/argyll-2.0.1+repack/spectro/base64.h
Examining data/argyll-2.0.1+repack/spectro/vtpglut.c
Examining data/argyll-2.0.1+repack/spectro/i1disp.h
Examining data/argyll-2.0.1+repack/spectro/dtp20.c
Examining data/argyll-2.0.1+repack/spectro/pollem.h
Examining data/argyll-2.0.1+repack/spectro/disptechs.h
Examining data/argyll-2.0.1+repack/spectro/xrga.h
Examining data/argyll-2.0.1+repack/spectro/cubecal.h
Examining data/argyll-2.0.1+repack/spectro/LzmaDec.h
Examining data/argyll-2.0.1+repack/spectro/dispsup.h
Examining data/argyll-2.0.1+repack/spectro/conv.c
Examining data/argyll-2.0.1+repack/spectro/ss.h
Examining data/argyll-2.0.1+repack/spectro/pollem.c
Examining data/argyll-2.0.1+repack/spectro/spyd2.h
Examining data/argyll-2.0.1+repack/spectro/dtp22.h
Examining data/argyll-2.0.1+repack/spectro/instappsup.c
Examining data/argyll-2.0.1+repack/spectro/instappsup.h
Examining data/argyll-2.0.1+repack/spectro/vtpglut.h
Examining data/argyll-2.0.1+repack/spectro/average.c
Examining data/argyll-2.0.1+repack/spectro/oemarch.c
Examining data/argyll-2.0.1+repack/spectro/smcube.h
Examining data/argyll-2.0.1+repack/spectro/ccwin.h
Examining data/argyll-2.0.1+repack/spectro/specbos.h
Examining data/argyll-2.0.1+repack/spectro/usbio.c
Examining data/argyll-2.0.1+repack/spectro/rspec.h
Examining data/argyll-2.0.1+repack/spectro/i1pro.h
Examining data/argyll-2.0.1+repack/spectro/dispcal.c
Examining data/argyll-2.0.1+repack/spectro/spotread.c
Examining data/argyll-2.0.1+repack/spectro/colorhug.c
Examining data/argyll-2.0.1+repack/spectro/dispwin.c
Examining data/argyll-2.0.1+repack/spectro/dtp51.c
Examining data/argyll-2.0.1+repack/spectro/dtp92.c
Examining data/argyll-2.0.1+repack/spectro/huey.c
Examining data/argyll-2.0.1+repack/spectro/i1pro_imp.c
Examining data/argyll-2.0.1+repack/spectro/madvrwin.c
Examining data/argyll-2.0.1+repack/spectro/ss.c
Examining data/argyll-2.0.1+repack/spectro/ss_imp.c
Examining data/argyll-2.0.1+repack/spectro/webwin.c
Examining data/argyll-2.0.1+repack/spectro/ss_imp.h
Examining data/argyll-2.0.1+repack/spectro/munki_imp.c
Examining data/argyll-2.0.1+repack/spectro/dispsup.c
Examining data/argyll-2.0.1+repack/spectro/ccxxmake.c
Examining data/argyll-2.0.1+repack/spectro/dispread.c
Examining data/argyll-2.0.1+repack/spectro/fakeread.c
Examining data/argyll-2.0.1+repack/spectro/ccwin.c
Examining data/argyll-2.0.1+repack/spectro/ex1.c
Examining data/argyll-2.0.1+repack/spectro/xdg_bds.c
Examining data/argyll-2.0.1+repack/spectro/munki.c
Examining data/argyll-2.0.1+repack/spectro/i1pro.c
Examining data/argyll-2.0.1+repack/spectro/synthread.c
Examining data/argyll-2.0.1+repack/spectro/smcube.c
Examining data/argyll-2.0.1+repack/spectro/kleink10.c
Examining data/argyll-2.0.1+repack/spectro/i1d3.c
Examining data/argyll-2.0.1+repack/spectro/i1disp.c
Examining data/argyll-2.0.1+repack/spectro/spyd2.c
Examining data/argyll-2.0.1+repack/spectro/specbos.c
Examining data/argyll-2.0.1+repack/spectro/dtp22.c
Examining data/argyll-2.0.1+repack/spectro/dtp41.c
Examining data/argyll-2.0.1+repack/spectro/rspec.c
Examining data/argyll-2.0.1+repack/spectro/chartread.c
Examining data/argyll-2.0.1+repack/spectro/illumread.c
Examining data/argyll-2.0.1+repack/spectro/i1pro_imp.h
Examining data/argyll-2.0.1+repack/spectro/munki_imp.h
Examining data/argyll-2.0.1+repack/spectro/spec2cie.c
Examining data/argyll-2.0.1+repack/spectro/mongoose.c
Examining data/argyll-2.0.1+repack/spectro/usbio_lx.c
Examining data/argyll-2.0.1+repack/spectro/usbio_nt.c
Examining data/argyll-2.0.1+repack/spectro/hidio.c
Examining data/argyll-2.0.1+repack/spectro/vinflate.c
Examining data/argyll-2.0.1+repack/tweak/refine.c
Examining data/argyll-2.0.1+repack/target/ofps.h
Examining data/argyll-2.0.1+repack/target/targen.c
Examining data/argyll-2.0.1+repack/target/ppoint.c
Examining data/argyll-2.0.1+repack/target/simplat.c
Examining data/argyll-2.0.1+repack/target/filmtarg.c
Examining data/argyll-2.0.1+repack/target/alphix.c
Examining data/argyll-2.0.1+repack/target/prand.h
Examining data/argyll-2.0.1+repack/target/randix.h
Examining data/argyll-2.0.1+repack/target/simdlat.c
Examining data/argyll-2.0.1+repack/target/ppoint.h
Examining data/argyll-2.0.1+repack/target/alphix.h
Examining data/argyll-2.0.1+repack/target/simplat.h
Examining data/argyll-2.0.1+repack/target/ifarp.h
Examining data/argyll-2.0.1+repack/target/ifarp.c
Examining data/argyll-2.0.1+repack/target/simdlat.h
Examining data/argyll-2.0.1+repack/target/prand.c
Examining data/argyll-2.0.1+repack/target/targen.h
Examining data/argyll-2.0.1+repack/target/randix.c
Examining data/argyll-2.0.1+repack/target/printtarg.c
Examining data/argyll-2.0.1+repack/target/ofps.c
Examining data/argyll-2.0.1+repack/imdi/ctest.c
Examining data/argyll-2.0.1+repack/imdi/imdi_make.c
Examining data/argyll-2.0.1+repack/imdi/ssort.c
Examining data/argyll-2.0.1+repack/imdi/imdi_gen.c
Examining data/argyll-2.0.1+repack/imdi/cgen.c
Examining data/argyll-2.0.1+repack/imdi/refi.c
Examining data/argyll-2.0.1+repack/imdi/imdi_arch.h
Examining data/argyll-2.0.1+repack/imdi/imdi_tab.c
Examining data/argyll-2.0.1+repack/imdi/itest.c
Examining data/argyll-2.0.1+repack/imdi/imdi_gen.h
Examining data/argyll-2.0.1+repack/imdi/imdi.c
Examining data/argyll-2.0.1+repack/imdi/imdi_utl.h
Examining data/argyll-2.0.1+repack/imdi/imdi_tab.h
Examining data/argyll-2.0.1+repack/imdi/refi.h
Examining data/argyll-2.0.1+repack/imdi/cctiff.c
Examining data/argyll-2.0.1+repack/imdi/imdi.h
Examining data/argyll-2.0.1+repack/imdi/cctiffo.c
Examining data/argyll-2.0.1+repack/imdi/greytiff.c
Examining data/argyll-2.0.1+repack/xml/mxml-node.c
Examining data/argyll-2.0.1+repack/xml/mxml-search.c
Examining data/argyll-2.0.1+repack/xml/testmxml.c
Examining data/argyll-2.0.1+repack/xml/mxml-file.c
Examining data/argyll-2.0.1+repack/xml/mxmldoc.c
Examining data/argyll-2.0.1+repack/xml/mxml-private.h
Examining data/argyll-2.0.1+repack/xml/mxml-string.c
Examining data/argyll-2.0.1+repack/xml/mxml-attr.c
Examining data/argyll-2.0.1+repack/xml/mxml.h
Examining data/argyll-2.0.1+repack/xml/mxml-get.c
Examining data/argyll-2.0.1+repack/xml/mxml-index.c
Examining data/argyll-2.0.1+repack/xml/mxml-entity.c
Examining data/argyll-2.0.1+repack/xml/mxml-set.c
Examining data/argyll-2.0.1+repack/xml/mxml-private.c
Examining data/argyll-2.0.1+repack/xml/mxml-config.h
Examining data/argyll-2.0.1+repack/xicc/xcolorants.h
Examining data/argyll-2.0.1+repack/xicc/icheck.c
Examining data/argyll-2.0.1+repack/xicc/cam02ref.h
Examining data/argyll-2.0.1+repack/xicc/cam97test.c
Examining data/argyll-2.0.1+repack/xicc/xfit.c
Examining data/argyll-2.0.1+repack/xicc/iccgamut.c
Examining data/argyll-2.0.1+repack/xicc/xcolorantslu.c
Examining data/argyll-2.0.1+repack/xicc/cam97s3.c
Examining data/argyll-2.0.1+repack/xicc/xcam.c
Examining data/argyll-2.0.1+repack/xicc/xdevlin.h
Examining data/argyll-2.0.1+repack/xicc/bt1886.h
Examining data/argyll-2.0.1+repack/xicc/cgatsplot.c
Examining data/argyll-2.0.1+repack/xicc/xicc.c
Examining data/argyll-2.0.1+repack/xicc/xicc.h
Examining data/argyll-2.0.1+repack/xicc/specsubsamp.c
Examining data/argyll-2.0.1+repack/xicc/fakeCMY.c
Examining data/argyll-2.0.1+repack/xicc/xutils.h
Examining data/argyll-2.0.1+repack/xicc/cam02test.c
Examining data/argyll-2.0.1+repack/xicc/cam02.h
Examining data/argyll-2.0.1+repack/xicc/cam02plot.c
Examining data/argyll-2.0.1+repack/xicc/ccss.h
Examining data/argyll-2.0.1+repack/xicc/iccjpeg.c
Examining data/argyll-2.0.1+repack/xicc/ccttest.c
Examining data/argyll-2.0.1+repack/xicc/cam02.c
Examining data/argyll-2.0.1+repack/xicc/xcam.h
Examining data/argyll-2.0.1+repack/xicc/xdevlin.c
Examining data/argyll-2.0.1+repack/xicc/tiffgmts.c
Examining data/argyll-2.0.1+repack/xicc/bt1886.c
Examining data/argyll-2.0.1+repack/xicc/xfit.h
Examining data/argyll-2.0.1+repack/xicc/mpplu.c
Examining data/argyll-2.0.1+repack/xicc/extractttag.c
Examining data/argyll-2.0.1+repack/xicc/moncurve.c
Examining data/argyll-2.0.1+repack/xicc/cvtest.c
Examining data/argyll-2.0.1+repack/xicc/ccmx.c
Examining data/argyll-2.0.1+repack/xicc/monctest.c
Examining data/argyll-2.0.1+repack/xicc/xspect.h
Examining data/argyll-2.0.1+repack/xicc/xfbview.c
Examining data/argyll-2.0.1+repack/xicc/fbview.c
Examining data/argyll-2.0.1+repack/xicc/xlutfix.c
Examining data/argyll-2.0.1+repack/xicc/xmatrix.c
Examining data/argyll-2.0.1+repack/xicc/revfix.c
Examining data/argyll-2.0.1+repack/xicc/extracticc.c
Examining data/argyll-2.0.1+repack/xicc/xcal.h
Examining data/argyll-2.0.1+repack/xicc/ccmx.h
Examining data/argyll-2.0.1+repack/xicc/xcal.c
Examining data/argyll-2.0.1+repack/xicc/ccss.c
Examining data/argyll-2.0.1+repack/xicc/specplot.c
Examining data/argyll-2.0.1+repack/xicc/xdgb.h
Examining data/argyll-2.0.1+repack/xicc/cam97s3.h
Examining data/argyll-2.0.1+repack/xicc/xlut.c
Examining data/argyll-2.0.1+repack/xicc/spectest.c
Examining data/argyll-2.0.1+repack/xicc/xcolorants.c
Examining data/argyll-2.0.1+repack/xicc/xdgb.c
Examining data/argyll-2.0.1+repack/xicc/mpp.h
Examining data/argyll-2.0.1+repack/xicc/moncurve.h
Examining data/argyll-2.0.1+repack/xicc/xicclu.c
Examining data/argyll-2.0.1+repack/xicc/transplot.c
Examining data/argyll-2.0.1+repack/xicc/xmono.c
Examining data/argyll-2.0.1+repack/xicc/spectest2.c
Examining data/argyll-2.0.1+repack/xicc/iccjpeg.h
Examining data/argyll-2.0.1+repack/xicc/tiffgamut.c
Examining data/argyll-2.0.1+repack/xicc/cv.c
Examining data/argyll-2.0.1+repack/xicc/xspect.c
Examining data/argyll-2.0.1+repack/xicc/mpp.c
Examining data/argyll-2.0.1+repack/xicc/xutils.c
Examining data/argyll-2.0.1+repack/ucmm/ucmm.c
Examining data/argyll-2.0.1+repack/ucmm/ucmm.h
Examining data/argyll-2.0.1+repack/profile/mppcheck.c
Examining data/argyll-2.0.1+repack/profile/prof.h
Examining data/argyll-2.0.1+repack/profile/colprof.c
Examining data/argyll-2.0.1+repack/profile/profin.c
Examining data/argyll-2.0.1+repack/profile/ls2ti3.c
Examining data/argyll-2.0.1+repack/profile/cb2ti3.c
Examining data/argyll-2.0.1+repack/profile/txt2ti3.c
Examining data/argyll-2.0.1+repack/profile/simpprof.c
Examining data/argyll-2.0.1+repack/profile/applycal.c
Examining data/argyll-2.0.1+repack/profile/splitti3.c
Examining data/argyll-2.0.1+repack/profile/kodak2ti3.c
Examining data/argyll-2.0.1+repack/profile/printcal.c
Examining data/argyll-2.0.1+repack/profile/profout.c
Examining data/argyll-2.0.1+repack/profile/invprofcheck.c
Examining data/argyll-2.0.1+repack/profile/profcheck.c
Examining data/argyll-2.0.1+repack/profile/colverify.c
Examining data/argyll-2.0.1+repack/profile/mppprof.c
Examining data/argyll-2.0.1+repack/h/sort.h
Examining data/argyll-2.0.1+repack/h/xlist.h
Examining data/argyll-2.0.1+repack/h/llist.h
Examining data/argyll-2.0.1+repack/h/copyright.h
Examining data/argyll-2.0.1+repack/h/counters.h
Examining data/argyll-2.0.1+repack/h/aconfig.h
Examining data/argyll-2.0.1+repack/scanin/scanrd.h
Examining data/argyll-2.0.1+repack/scanin/scanin.c
Examining data/argyll-2.0.1+repack/scanin/scanrd.c
Examining data/argyll-2.0.1+repack/scanin/scanrd_.h
Examining data/argyll-2.0.1+repack/numlib/ui.h
Examining data/argyll-2.0.1+repack/numlib/rand.h
Examining data/argyll-2.0.1+repack/numlib/qptest.c
Examining data/argyll-2.0.1+repack/numlib/LUtest.c
Examining data/argyll-2.0.1+repack/numlib/ludecomp.c
Examining data/argyll-2.0.1+repack/numlib/tpowell.c
Examining data/argyll-2.0.1+repack/numlib/dnsq.h
Examining data/argyll-2.0.1+repack/numlib/numsup.h
Examining data/argyll-2.0.1+repack/numlib/dhsx.h
Examining data/argyll-2.0.1+repack/numlib/svd.c
Examining data/argyll-2.0.1+repack/numlib/soboltest.c
Examining data/argyll-2.0.1+repack/numlib/sobol.c
Examining data/argyll-2.0.1+repack/numlib/gnewt.c
Examining data/argyll-2.0.1+repack/numlib/ludecomp.h
Examining data/argyll-2.0.1+repack/numlib/zbrent.c
Examining data/argyll-2.0.1+repack/numlib/tdhsx.c
Examining data/argyll-2.0.1+repack/numlib/powell.h
Examining data/argyll-2.0.1+repack/numlib/dnsqtest.c
Examining data/argyll-2.0.1+repack/numlib/svd.h
Examining data/argyll-2.0.1+repack/numlib/varmet.c
Examining data/argyll-2.0.1+repack/numlib/dnsq.c
Examining data/argyll-2.0.1+repack/numlib/zbrent.h
Examining data/argyll-2.0.1+repack/numlib/quadprog.h
Examining data/argyll-2.0.1+repack/numlib/varmet.h
Examining data/argyll-2.0.1+repack/numlib/rand.c
Examining data/argyll-2.0.1+repack/numlib/dhsx.c
Examining data/argyll-2.0.1+repack/numlib/aatree.c
Examining data/argyll-2.0.1+repack/numlib/sobol.h
Examining data/argyll-2.0.1+repack/numlib/gnewt.h
Examining data/argyll-2.0.1+repack/numlib/zbrenttest.c
Examining data/argyll-2.0.1+repack/numlib/ui.c
Examining data/argyll-2.0.1+repack/numlib/roots.h
Examining data/argyll-2.0.1+repack/numlib/tconjgrad.c
Examining data/argyll-2.0.1+repack/numlib/svdtest.c
Examining data/argyll-2.0.1+repack/numlib/numlib.h
Examining data/argyll-2.0.1+repack/numlib/roots.c
Examining data/argyll-2.0.1+repack/numlib/powell.c
Examining data/argyll-2.0.1+repack/numlib/aatree.h
Examining data/argyll-2.0.1+repack/numlib/quadprog.c
Examining data/argyll-2.0.1+repack/numlib/numsup.c
Examining data/argyll-2.0.1+repack/namedc/txt2iccnc.c
Examining data/argyll-2.0.1+repack/namedc/namedc.c
Examining data/argyll-2.0.1+repack/namedc/namedc.h
Examining data/argyll-2.0.1+repack/plot/x3dom.js.h
Examining data/argyll-2.0.1+repack/plot/vrml.h
Examining data/argyll-2.0.1+repack/plot/plot.h
Examining data/argyll-2.0.1+repack/plot/x3dom.css.h
Examining data/argyll-2.0.1+repack/plot/vrml.c
Examining data/argyll-2.0.1+repack/plot/plot.c
Examining data/argyll-2.0.1+repack/usb/driver/claim_interface.c
Examining data/argyll-2.0.1+repack/usb/driver/release_interface.c
Examining data/argyll-2.0.1+repack/usb/driver/lusb_defdi_guids.h
Examining data/argyll-2.0.1+repack/usb/driver/pnp.c
Examining data/argyll-2.0.1+repack/usb/driver/get_descriptor.c
Examining data/argyll-2.0.1+repack/usb/driver/vendor_request.c
Examining data/argyll-2.0.1+repack/usb/driver/libusb_driver.c
Examining data/argyll-2.0.1+repack/usb/driver/driver_api.h
Examining data/argyll-2.0.1+repack/usb/driver/abort_endpoint.c
Examining data/argyll-2.0.1+repack/usb/driver/reset_endpoint.c
Examining data/argyll-2.0.1+repack/usb/driver/set_interface.c
Examining data/argyll-2.0.1+repack/usb/driver/get_interface.c
Examining data/argyll-2.0.1+repack/usb/driver/ioctl.c
Examining data/argyll-2.0.1+repack/usb/driver/reset_device.c
Examining data/argyll-2.0.1+repack/usb/driver/transfer.c
Examining data/argyll-2.0.1+repack/usb/driver/driver_debug.c
Examining data/argyll-2.0.1+repack/usb/driver/usbdlib_gcc.h
Examining data/argyll-2.0.1+repack/usb/driver/driver_debug.h
Examining data/argyll-2.0.1+repack/usb/driver/set_descriptor.c
Examining data/argyll-2.0.1+repack/usb/driver/clear_feature.c
Examining data/argyll-2.0.1+repack/usb/driver/set_feature.c
Examining data/argyll-2.0.1+repack/usb/driver/set_configuration.c
Examining data/argyll-2.0.1+repack/usb/driver/power.c
Examining data/argyll-2.0.1+repack/usb/driver/dispatch.c
Examining data/argyll-2.0.1+repack/usb/driver/libusb_driver.h
Examining data/argyll-2.0.1+repack/usb/driver/get_status.c
Examining data/argyll-2.0.1+repack/usb/driver/driver_registry.c
Examining data/argyll-2.0.1+repack/usb/driver/get_configuration.c
Examining data/argyll-2.0.1+repack/link/pathplot.c
Examining data/argyll-2.0.1+repack/link/monoplot.c
Examining data/argyll-2.0.1+repack/link/collink.c
Examining data/argyll-2.0.1+repack/icc/mkDispProf.c
Examining data/argyll-2.0.1+repack/icc/iccstd.c
Examining data/argyll-2.0.1+repack/icc/icctest.c
Examining data/argyll-2.0.1+repack/icc/iccdump.c
Examining data/argyll-2.0.1+repack/icc/lutest.c
Examining data/argyll-2.0.1+repack/icc/testDE2K.c
Examining data/argyll-2.0.1+repack/icc/icclu.c
Examining data/argyll-2.0.1+repack/icc/iccV42.h
Examining data/argyll-2.0.1+repack/icc/iccrw.c
Examining data/argyll-2.0.1+repack/icc/mcheck.c
Examining data/argyll-2.0.1+repack/icc/icc.c
Examining data/argyll-2.0.1+repack/icc/icc.h
Examining data/argyll-2.0.1+repack/rspl/cw1.c
Examining data/argyll-2.0.1+repack/rspl/trnd.c
Examining data/argyll-2.0.1+repack/rspl/t3d.c
Examining data/argyll-2.0.1+repack/rspl/rspl.c
Examining data/argyll-2.0.1+repack/rspl/gam.h
Examining data/argyll-2.0.1+repack/rspl/c1df.c
Examining data/argyll-2.0.1+repack/rspl/t2ddf.c
Examining data/argyll-2.0.1+repack/rspl/gam.c
Examining data/argyll-2.0.1+repack/rspl/smtnd.c
Examining data/argyll-2.0.1+repack/rspl/opt.c
Examining data/argyll-2.0.1+repack/rspl/scat2.c
Examining data/argyll-2.0.1+repack/rspl/cw3.c
Examining data/argyll-2.0.1+repack/rspl/sm3.c
Examining data/argyll-2.0.1+repack/rspl/stest.c
Examining data/argyll-2.0.1+repack/rspl/sm1.c
Examining data/argyll-2.0.1+repack/rspl/t3ddf.c
Examining data/argyll-2.0.1+repack/rspl/spline.c
Examining data/argyll-2.0.1+repack/rspl/rspl.h
Examining data/argyll-2.0.1+repack/rspl/scat.c
Examining data/argyll-2.0.1+repack/rspl/mlbs.c
Examining data/argyll-2.0.1+repack/rspl/mlbs.h
Examining data/argyll-2.0.1+repack/rspl/rspl1.c
Examining data/argyll-2.0.1+repack/rspl/rev.h
Examining data/argyll-2.0.1+repack/rspl/sm2.c
Examining data/argyll-2.0.1+repack/rspl/tnd.c
Examining data/argyll-2.0.1+repack/rspl/c1.c
Examining data/argyll-2.0.1+repack/rspl/rspl_imp.h
Examining data/argyll-2.0.1+repack/rspl/smtmpp.c
Examining data/argyll-2.0.1+repack/rspl/t2d.c
Examining data/argyll-2.0.1+repack/rspl/rspl1.h
Examining data/argyll-2.0.1+repack/rspl/revbench.c
Examining data/argyll-2.0.1+repack/rspl/rev.c
Examining data/argyll-2.0.1+repack/cgats/pars.c
Examining data/argyll-2.0.1+repack/cgats/cgats.c
Examining data/argyll-2.0.1+repack/cgats/cgats.h
Examining data/argyll-2.0.1+repack/cgats/cgatsstd.c
Examining data/argyll-2.0.1+repack/cgats/pars.h
Examining data/argyll-2.0.1+repack/cgats/parsstd.c
Examining data/argyll-2.0.1+repack/jcnf/test.c
Examining data/argyll-2.0.1+repack/jcnf/jcnf.c
Examining data/argyll-2.0.1+repack/jcnf/jcnf.h
Examining data/argyll-2.0.1+repack/gamut/fakegam.c
Examining data/argyll-2.0.1+repack/gamut/GenVisGam.c
Examining data/argyll-2.0.1+repack/gamut/smthtest.c
Examining data/argyll-2.0.1+repack/gamut/gammap.h
Examining data/argyll-2.0.1+repack/gamut/GenRMGam.c
Examining data/argyll-2.0.1+repack/gamut/maptest.c
Examining data/argyll-2.0.1+repack/gamut/surftest.c
Examining data/argyll-2.0.1+repack/gamut/nearsmth.c
Examining data/argyll-2.0.1+repack/gamut/nearsmth.h
Examining data/argyll-2.0.1+repack/gamut/gammap.c
Examining data/argyll-2.0.1+repack/gamut/isecvol.c
Examining data/argyll-2.0.1+repack/gamut/viewgam.c
Examining data/argyll-2.0.1+repack/gamut/gamut.c
Examining data/argyll-2.0.1+repack/gamut/gamut.h
FINAL RESULTS:
data/argyll-2.0.1+repack/spectro/mongoose.c:1177:10: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
(void) MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, sizeof(wbuf));
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:274:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s\n", format);
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:275:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(tmp, ap);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:145:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&buf[*offset], name);
data/argyll-2.0.1+repack/ccast/axTLS/openssl.c:305:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, format, ap);
data/argyll-2.0.1+repack/ccast/axTLS/os_port.c:156:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, argp);
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:88:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:88:33: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:911:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)q, label);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:2204:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(not_ok ? "Error - invalid State:\t" : "State:\t");
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:2205:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(is_send ? "sending " : "receiving ");
data/argyll-2.0.1+repack/ccast/ccast.c:61:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(g_log,0,"yajl_tree_parse of send message failed with '%s'\n",errbuf);
data/argyll-2.0.1+repack/ccast/ccast.c:62:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(g_log,0,"JSON = '%s'\n",mesbuf);
data/argyll-2.0.1+repack/ccast/ccast.c:358:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesbuf, "{ \"requestId\": %d, \"type\": \"STOP\", \"sessionId\": \"%s\" }",
data/argyll-2.0.1+repack/ccast/ccast.c:497:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesbuf, "{ \"requestId\": %d, \"type\": \"LAUNCH\", \"appId\": \"%s\" }",
data/argyll-2.0.1+repack/ccast/ccast.c:696:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesbuf, "{ \"requestId\": %d, \"type\": \"LOAD\", \"media\": "
data/argyll-2.0.1+repack/ccast/ccast.c:703:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesbuf, "{ \"requestId\": %d, \"type\": \"LOAD\", \"media\": "
data/argyll-2.0.1+repack/ccast/ccast.c:710:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mesbuf, "{ \"requestId\": %d, \"type\": \"LOAD\", \"media\": "
data/argyll-2.0.1+repack/ccast/ccmdns.c:935:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn, ss + 3);
data/argyll-2.0.1+repack/cgats/cgats.c:58:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBGF(xx) fprintf xx
data/argyll-2.0.1+repack/cgats/cgats.c:184:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(p->err, fmt, args);
data/argyll-2.0.1+repack/cgats/cgats.c:190:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->ferr, p->err);
data/argyll-2.0.1+repack/cgats/cgats.c:458:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->cgats_type,tp);
data/argyll-2.0.1+repack/cgats/cgats.c:801:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->cgats_type,osym);
data/argyll-2.0.1+repack/cgats/cgats.c:820:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->others[p->nothers-1],osym);
data/argyll-2.0.1+repack/cgats/cgats.c:1339:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tcs,"%s %d, %d",amonths[ptm->tm_mon],ptm->tm_mday,1900+ptm->tm_year);
data/argyll-2.0.1+repack/cgats/cgats.c:1629:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, (char *)dpoint);
data/argyll-2.0.1+repack/cgats/cgats.c:2212:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/cgats/cgats.c:2224:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/cgats/cgatsstd.c:44:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(p->err, fmt, args);
data/argyll-2.0.1+repack/cgats/cgatsstd.c:50:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->ferr, p->err);
data/argyll-2.0.1+repack/cgats/pars.c:44:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/argyll-2.0.1+repack/cgats/pars.c:45:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/cgats/pars.c:45:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/cgats/pars.c:280:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf((char *)p->cur, (p->aend - p->cur), format, args);
data/argyll-2.0.1+repack/cgats/pars.c:652:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/cgats/pars.c:664:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/cgats/parsstd.c:263:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rv = vfprintf(p->fp, format, args);
data/argyll-2.0.1+repack/cgats/parsstd.c:393:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nmode, mode);
data/argyll-2.0.1+repack/cgats/parsstd.c:411:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp->filename, name);
data/argyll-2.0.1+repack/gamut/fakegam.c:211:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/gamut.c:4920:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ISDBG(xxx) if (deb_insect) printf xxx
data/argyll-2.0.1+repack/gamut/gamut.c:5009:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(isect2, vrml_ext());
data/argyll-2.0.1+repack/gamut/gamut.c:5010:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(isect, vrml_ext());
data/argyll-2.0.1+repack/gamut/gamut.c:6263:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"CUSP_%s", cnames[i]);
data/argyll-2.0.1+repack/gamut/gamut.c:6415:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"CUSP_%s", cnames[i]);
data/argyll-2.0.1+repack/gamut/maptest.c:66:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(gammapwrl, vrml_ext());
data/argyll-2.0.1+repack/gamut/maptest.c:116:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/maptest.c:119:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/maptest.c:122:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(diag_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/nearsmth.c:105:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define VA(xxxx) printf xxxx
data/argyll-2.0.1+repack/gamut/nearsmth.c:107:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define VB(xxxx) printf xxxx
data/argyll-2.0.1+repack/gamut/nearsmth.c:1898:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(src_gam_name, vrml_ext());
data/argyll-2.0.1+repack/gamut/nearsmth.c:1902:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(src_gam_name, vrml_ext());
data/argyll-2.0.1+repack/gamut/nearsmth.c:1959:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dst_gam_name, vrml_ext());
data/argyll-2.0.1+repack/gamut/nearsmth.c:1963:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dst_gam_name, vrml_ext());
data/argyll-2.0.1+repack/gamut/smthtest.c:171:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/smthtest.c:174:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/smthtest.c:177:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(diag_name,argv[fa++]);
data/argyll-2.0.1+repack/gamut/viewgam.c:53:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/gamut/viewgam.c:462:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1,"CUSP_%s", cnames[i]);
data/argyll-2.0.1+repack/gamut/viewgam.c:540:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/gamut/viewgam.c:553:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/icc.c:77:35: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#if defined(_MSC_VER) && !defined(vsnprintf)
data/argyll-2.0.1+repack/icc/icc.c:78:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/argyll-2.0.1+repack/icc/icc.c:79:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/icc/icc.c:79:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/icc/icc.c:100:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBGSL(xxx) printf xxx ;
data/argyll-2.0.1+repack/icc/icc.c:108:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBGSLC(xxx) printf xxx ;
data/argyll-2.0.1+repack/icc/icc.c:116:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBGLL(xxx) printf xxx ;
data/argyll-2.0.1+repack/icc/icc.c:124:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBLLL(xxx) printf xxx ;
data/argyll-2.0.1+repack/icc/icc.c:388:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf((char *)p->cur, (p->aend - p->cur), format, args);
data/argyll-2.0.1+repack/icc/icc.c:1491:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Unrecognized - %s",tag2str(sig));
data/argyll-2.0.1+repack/icc/icc.c:1545:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Unrecognized - %s",tag2str(sig));
data/argyll-2.0.1+repack/icc/icc.c:1603:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Unrecognized - %s",tag2str(sig));
data/argyll-2.0.1+repack/icc/icc.c:1691:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Unrecognized - %s",tag2str(sig));
data/argyll-2.0.1+repack/icc/icc.c:1723:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Unrecognized - %s",tag2str(sig));
data/argyll-2.0.1+repack/icc/icc.c:1745:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Unrecognized - %s",tag2str(sig));
data/argyll-2.0.1+repack/icc/icc.c:4739:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%d %s %4d, %d:%02d:%02d",
data/argyll-2.0.1+repack/icc/icc.c:7250:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->root, bp);
data/argyll-2.0.1+repack/icc/icc.c:7315:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d, p->root);
data/argyll-2.0.1+repack/icc/icc.c:7486:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->prefix, bp);
data/argyll-2.0.1+repack/icc/icc.c:7501:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->suffix, bp);
data/argyll-2.0.1+repack/icc/icc.c:7616:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp, p->prefix);
data/argyll-2.0.1+repack/icc/icc.c:7625:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp, p->suffix);
data/argyll-2.0.1+repack/icc/icc.c:8241:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(icp->err,"icmTextDescription_read: Wrong tag type ('%s') for icmTextDescription",
data/argyll-2.0.1+repack/icc/icc.c:8277:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->desc, bp);
data/argyll-2.0.1+repack/icc/icc.c:8442:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp, p->desc);
data/argyll-2.0.1+repack/icc/icc.c:11567:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_check_legal: deviceClass %s is missing required tag %s",
data/argyll-2.0.1+repack/icc/icc.c:11685:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_read: tag %d sig %s offset %d size %d is out of range of the nominated file size %d",i,tag2str(p->data[i].sig),p->data[i].offset,p->data[i].size,maxoff);
data/argyll-2.0.1+repack/icc/icc.c:12500:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_add_tag: Already have tag '%s' in profile",tag2str(p->data[j].sig));
data/argyll-2.0.1+repack/icc/icc.c:12567:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_link_tag: Can't find existing tag '%s'",tag2str(ex_sig));
data/argyll-2.0.1+repack/icc/icc.c:12573:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_link_tag: Existing tag '%s' isn't loaded",tag2str(ex_sig));
data/argyll-2.0.1+repack/icc/icc.c:12598:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_link_tag: Already have tag '%s' in profile",tag2str(p->data[j].sig));
data/argyll-2.0.1+repack/icc/icc.c:12759:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_read_tag: Tag '%s' not found",string_TagSignature(sig));
data/argyll-2.0.1+repack/icc/icc.c:12784:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_read_tag: Tag '%s' not found",string_TagSignature(sig));
data/argyll-2.0.1+repack/icc/icc.c:12808:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_rename_tag: Tag '%s' not found",string_TagSignature(sig));
data/argyll-2.0.1+repack/icc/icc.c:12859:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_unread_tag: Tag '%s' not currently loaded",string_TagSignature(p->data[i].sig));
data/argyll-2.0.1+repack/icc/icc.c:12888:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_unread_tag: Tag '%s' not found",string_TagSignature(sig));
data/argyll-2.0.1+repack/icc/icc.c:12942:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"icc_delete_tag: Tag '%s' not found",string_TagSignature(sig));
data/argyll-2.0.1+repack/icc/icc.h:127:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/argyll-2.0.1+repack/icc/icc.h:128:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/icc/icc.h:128:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/icc/iccdump.c:115:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/icc/iccdump.c:256:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/iccdump.c:269:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/icclu.c:236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prof_name,argv[fa]);
data/argyll-2.0.1+repack/icc/icclu.c:389:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/icclu.c:402:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/iccrw.c:87:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/icc/iccrw.c:90:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa]);
data/argyll-2.0.1+repack/icc/iccrw.c:295:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/iccrw.c:308:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/iccstd.c:255:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rv = vfprintf(p->fp, format, args);
data/argyll-2.0.1+repack/icc/iccstd.c:368:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nmode, mode);
data/argyll-2.0.1+repack/icc/icctest.c:394:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->ppname, str1); /* Copy the text in */
data/argyll-2.0.1+repack/icc/icctest.c:396:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->crdname[i], str2[i]); /* Copy the text in */
data/argyll-2.0.1+repack/icc/icctest.c:552:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->data, ts1); /* Copy the text in */
data/argyll-2.0.1+repack/icc/icctest.c:1200:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[i].device.desc, ts1); /* Copy the string in */
data/argyll-2.0.1+repack/icc/icctest.c:1212:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->data[i].device.scDesc, ts3a); /* Copy the string in */
data/argyll-2.0.1+repack/icc/icctest.c:1218:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[i].model.desc, ts1); /* Copy the string in */
data/argyll-2.0.1+repack/icc/icctest.c:1230:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->data[i].model.scDesc, ts3b); /* Copy the string in */
data/argyll-2.0.1+repack/icc/icctest.c:1418:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, ts1); /* Copy the string in */
data/argyll-2.0.1+repack/icc/icctest.c:1432:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->scDesc, ts3); /* Copy the string in */
data/argyll-2.0.1+repack/icc/icctest.c:1473:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, ts1); /* Copy the text in */
data/argyll-2.0.1+repack/icc/icctest.c:1557:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->string, ts1); /* Copy the text in */
data/argyll-2.0.1+repack/icc/icctest.c:1610:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->string, ts1); /* Copy the text in */
data/argyll-2.0.1+repack/icc/icctest.c:2376:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/icctest.c:2389:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/lutest.c:911:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/lutest.c:923:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/lutest.c:1205:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/lutest.c:1217:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/lutest.c:1604:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/lutest.c:1616:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/lutest.c:1933:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/lutest.c:1945:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/lutest.c:2505:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/lutest.c:2517:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/lutest.c:3015:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/lutest.c:3027:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/lutest.c:3503:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/lutest.c:3516:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/mcheck.c:132:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/icc/mcheck.c:134:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, in_name);
data/argyll-2.0.1+repack/icc/mcheck.c:313:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/mcheck.c:326:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/mkDispProf.c:102:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa]);
data/argyll-2.0.1+repack/icc/mkDispProf.c:147:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/mkDispProf.c:148:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->scDesc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/icc/mkDispProf.c:160:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/icc/mkDispProf.c:339:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/icc/mkDispProf.c:351:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/imdi/cctiff.c:116:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/imdi/cctiff.c:1679:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wdesc, rdesc);
data/argyll-2.0.1+repack/imdi/cctiff.c:1682:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(wdesc, ddesc);
data/argyll-2.0.1+repack/imdi/cctiff.c:2097:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wdesc, rdesc);
data/argyll-2.0.1+repack/imdi/cctiff.c:2100:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(wdesc, ddesc);
data/argyll-2.0.1+repack/imdi/cctiffo.c:579:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(su.in.name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/cctiffo.c:582:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(su.out.name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/cctiffo.c:585:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(su.dev.name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/cctiffo.c:589:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/cctiffo.c:592:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/cctiffo.c:1081:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/imdi/cctiffo.c:1094:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:180:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(g->kkeys, (char *)kk); /* Kernel keys for this session */
data/argyll-2.0.1+repack/imdi/cgen.c:1175:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(toff,"%s",rde);
data/argyll-2.0.1+repack/imdi/cgen.c:2056:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:2073:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:2084:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:2095:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:2108:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:2123:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/cgen.c:2140:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/greytiff.c:272:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prof_name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/greytiff.c:275:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/greytiff.c:278:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/imdi/imdi_gen.c:215:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gs->kdesc,"%d_%d_%s_%s_%s", gs->id, gs->od, idesc, odesc, ddesc);
data/argyll-2.0.1+repack/imdi/imdi_make.c:124:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(kn->name, name);
data/argyll-2.0.1+repack/imdi/imdi_make.c:125:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(kn->desc, desc);
data/argyll-2.0.1+repack/imdi/imdi_make.c:222:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%simdi_k.h",dirname);
data/argyll-2.0.1+repack/imdi/imdi_make.c:229:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%simdi_k.c",dirname);
data/argyll-2.0.1+repack/imdi/imdi_make.c:264:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%s%s.c",dirname,ofname);
data/argyll-2.0.1+repack/imdi/ssort.c:263:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/ssort.c:277:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/ssort.c:294:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/ssort.c:306:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/imdi/ssort.c:318:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f->of, fmt, args);
data/argyll-2.0.1+repack/jcnf/jcnf.c:865:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, p->fname);
data/argyll-2.0.1+repack/jcnf/test.c:157:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/link/collink.c:204:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/link/collink.c:4043:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/link/collink.c:4061:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/link/collink.c:4074:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/link/collink.c:4087:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/link/collink.c:4167:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[i].device.desc, ddesc->desc);
data/argyll-2.0.1+repack/link/collink.c:4177:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->data[i].device.scDesc, (char *)ddesc->scDesc);
data/argyll-2.0.1+repack/link/collink.c:4185:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[i].model.desc, mdesc->desc);
data/argyll-2.0.1+repack/link/collink.c:4195:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wo->data[i].model.scDesc, (char *)mdesc->scDesc);
data/argyll-2.0.1+repack/link/collink.c:4239:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[j].name, ro->data[j].name);
data/argyll-2.0.1+repack/link/collink.c:4308:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[j].name, name);
data/argyll-2.0.1+repack/link/monoplot.c:96:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/link/monoplot.c:99:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(link_name,argv[fa++]);
data/argyll-2.0.1+repack/link/monoplot.c:102:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/link/pathplot.c:151:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/link/pathplot.c:154:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(link_name,argv[fa++]);
data/argyll-2.0.1+repack/link/pathplot.c:157:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/namedc/namedc.c:256:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, p->pfx);
data/argyll-2.0.1+repack/namedc/namedc.c:945:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tag->prefix);
data/argyll-2.0.1+repack/namedc/namedc.c:946:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, tag->data[i].root);
data/argyll-2.0.1+repack/namedc/namedc.c:947:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, tag->suffix);
data/argyll-2.0.1+repack/namedc/namedc.c:1263:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:46:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:133:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, desc); /* Copy the string in */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:149:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:186:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((rv = sscanf(buf, " %lf %lf %lf %s %s %s\n",&rgb[0], &rgb[1], &rgb[2], s1, s2, s3)) >= 4) {
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:212:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((rv = sscanf(buf, " %lf %lf %lf %s %s %s\n",&rgb[0], &rgb[1], &rgb[2], s1, s2, s3)) >= 4) {
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:218:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s1, s2);
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:222:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s1, s3);
data/argyll-2.0.1+repack/numlib/gnewt.c:17:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBG(xx) printf xx;
data/argyll-2.0.1+repack/numlib/numsup.c:81:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exe_path, argv0);
data/argyll-2.0.1+repack/numlib/numsup.c:157:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(b1, exe_path); /* Construct path */
data/argyll-2.0.1+repack/numlib/numsup.c:159:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(b2, 0) == 0) { /* See if exe exits */
data/argyll-2.0.1+repack/numlib/numsup.c:167:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exe_path, b2);
data/argyll-2.0.1+repack/numlib/numsup.c:189:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpath, exe_path + i + 1);
data/argyll-2.0.1+repack/numlib/numsup.c:359:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sysinfo,"%s %s %s %s",ver.sysname, ver.version, ver.release, ver.machine);
data/argyll-2.0.1+repack/numlib/numsup.c:382:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, args);
data/argyll-2.0.1+repack/numlib/numsup.c:388:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/numlib/numsup.c:581:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(log->errm, A1_LOG_BUFSIZE, fmt, args);
data/argyll-2.0.1+repack/numlib/numsup.c:629:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
bp += sprintf(bp,"%s%04x:",pfx,base+i);
data/argyll-2.0.1+repack/numlib/numsup.c:2898:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bp, fmt, p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/numlib/numsup.h:175:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifndef snprintf
data/argyll-2.0.1+repack/numlib/numsup.h:176:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/argyll-2.0.1+repack/numlib/numsup.h:176:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/argyll-2.0.1+repack/numlib/numsup.h:177:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/argyll-2.0.1+repack/numlib/numsup.h:201:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
# define sys_access access
data/argyll-2.0.1+repack/numlib/powell.c:54:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define PDBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/numlib/powell.c:62:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define CDBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/numlib/powell.c:70:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define LDBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/numlib/varmet.c:33:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/plot/plot.c:795:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugf(xx) printf xx
data/argyll-2.0.1+repack/plot/plot.c:1121:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp,str,x);
data/argyll-2.0.1+repack/plot/plot.c:1356:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugf(xx) printf xx
data/argyll-2.0.1+repack/plot/plot.c:1763:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp,str,x);
data/argyll-2.0.1+repack/plot/plot.c:1968:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugf(xx) printf xx
data/argyll-2.0.1+repack/plot/plot.c:2238:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp,str,x);
data/argyll-2.0.1+repack/plot/plot.c:2461:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, args);
data/argyll-2.0.1+repack/plot/vrml.c:1442:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, name);
data/argyll-2.0.1+repack/plot/vrml.c:1454:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xl, vrml_ext());
data/argyll-2.0.1+repack/plot/vrml.c:1773:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x3name, s->name);
data/argyll-2.0.1+repack/profile/applycal.c:41:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/profile/applycal.c:55:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/profile/applycal.c:374:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, ro->desc); /* Copy the string in */
data/argyll-2.0.1+repack/profile/applycal.c:385:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ro->desc, wo->desc);
data/argyll-2.0.1+repack/profile/applycal.c:387:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ro->desc, extra);
data/argyll-2.0.1+repack/profile/applycal.c:575:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ro->desc, wo->desc); /* Restore description */
data/argyll-2.0.1+repack/profile/cb2ti3.c:110:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa]);
data/argyll-2.0.1+repack/profile/cb2ti3.c:111:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tarname,argv[fa++]);
data/argyll-2.0.1+repack/profile/cb2ti3.c:116:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[fa++]);
data/argyll-2.0.1+repack/profile/colprof.c:88:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/profile/colprof.c:991:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname, baname);
data/argyll-2.0.1+repack/profile/colprof.c:994:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, baname);
data/argyll-2.0.1+repack/profile/colprof.c:995:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outname, ICC_FILE_EXT);
data/argyll-2.0.1+repack/profile/colverify.c:52:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/profile/colverify.c:445:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, cg[1].name);
data/argyll-2.0.1+repack/profile/colverify.c:650:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cg[n].pat[i].sid, (char *)cgf->t[0].fdata[i][sidx]);
data/argyll-2.0.1+repack/profile/colverify.c:652:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cg[n].pat[i].loc, (char *)cgf->t[0].fdata[i][sldx]);
data/argyll-2.0.1+repack/profile/colverify.c:824:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cg[n].pat[i].sid, (char *)cgf->t[0].fdata[i][sidx]);
data/argyll-2.0.1+repack/profile/colverify.c:826:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cg[n].pat[i].loc, (char *)cgf->t[0].fdata[i][sldx]);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:118:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tarname, na);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:133:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa++]);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:137:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[fa++]);
data/argyll-2.0.1+repack/profile/mppcheck.c:144:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ti3name,argv[fa++]);
data/argyll-2.0.1+repack/profile/mppcheck.c:147:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mppname,argv[fa++]);
data/argyll-2.0.1+repack/profile/mppcheck.c:289:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/mppprof.c:214:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa]);
data/argyll-2.0.1+repack/profile/mppprof.c:216:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,argv[fa]);
data/argyll-2.0.1+repack/profile/mppprof.c:410:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/printcal.c:80:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/profile/printcal.c:190:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I",bident);
data/argyll-2.0.1+repack/profile/printcal.c:195:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/printcal.c:268:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "ctg_read: unrecognized COLOR_REP '%s'",cg->t[tab].kdata[ti]);
data/argyll-2.0.1+repack/profile/printcal.c:280:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I",bident);
data/argyll-2.0.1+repack/profile/printcal.c:282:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "ctg_read: Can't find field %s",buf);
data/argyll-2.0.1+repack/profile/printcal.c:288:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/printcal.c:290:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "ctg_read: Can't find field %s",buf);
data/argyll-2.0.1+repack/profile/printcal.c:865:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,baname); /* new .ti3 file */
data/argyll-2.0.1+repack/profile/printcal.c:867:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,baname); /* New .cal file */
data/argyll-2.0.1+repack/profile/printcal.c:869:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ampname,baname); /* New .amp file */
data/argyll-2.0.1+repack/profile/printcal.c:987:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I_DE",bident);
data/argyll-2.0.1+repack/profile/printcal.c:993:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s_DE",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/printcal.c:1069:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/printcal.c:2155:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I",bident);
data/argyll-2.0.1+repack/profile/printcal.c:2160:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/printcal.c:2206:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I_DE",bident);
data/argyll-2.0.1+repack/profile/printcal.c:2211:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s_DE",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/profile/profcheck.c:244:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, na);
data/argyll-2.0.1+repack/profile/profcheck.c:712:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpat[i].sid, (char *)icg->t[0].fdata[i][sidx]);
data/argyll-2.0.1+repack/profile/profcheck.c:714:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpat[i].slo, (char *)icg->t[0].fdata[i][sloc]);
data/argyll-2.0.1+repack/profile/profcheck.c:889:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpat[i].sid, (char *)icg->t[0].fdata[i][sidx]);
data/argyll-2.0.1+repack/profile/profcheck.c:891:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpat[i].slo, (char *)icg->t[0].fdata[i][sloc]);
data/argyll-2.0.1+repack/profile/profcheck.c:1088:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, ti3name);
data/argyll-2.0.1+repack/profile/profin.c:85:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/profile/profin.c:392:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/profile/profin.c:410:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/profile/profin.c:423:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/profile/profin.c:436:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/profile/profout.c:157:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(xxx) printf xxx ;
data/argyll-2.0.1+repack/profile/profout.c:1122:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstm, "This is a Lut style %s - %s Output Profile",
data/argyll-2.0.1+repack/profile/profout.c:1135:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/profile/profout.c:1153:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/profile/profout.c:1166:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/profile/profout.c:1179:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/profile/profout.c:1243:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data[i].name, name);
data/argyll-2.0.1+repack/profile/simpprof.c:234:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa]);
data/argyll-2.0.1+repack/profile/simpprof.c:236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,argv[fa]);
data/argyll-2.0.1+repack/profile/splitti3.c:278:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/profile/txt2ti3.c:213:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devname,argv[fa]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:214:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ciename,argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:216:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:222:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devname,argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:224:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ciename,argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:226:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:231:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(devname,argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:233:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ciename,argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:235:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(specname,argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:237:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, argv[fa++]);
data/argyll-2.0.1+repack/profile/txt2ti3.c:245:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (outname2, outname);
data/argyll-2.0.1+repack/profile/txt2ti3.c:353:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(specname, ciename);
data/argyll-2.0.1+repack/profile/txt2ti3.c:354:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ciename, devname);
data/argyll-2.0.1+repack/profile/txt2ti3.c:411:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(specname, ciename);
data/argyll-2.0.1+repack/profile/txt2ti3.c:429:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(specname, ciename);
data/argyll-2.0.1+repack/profile/txt2ti3.c:760:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(loc, (char *)cmy->t[0].rfdata[i][f_id1]);
data/argyll-2.0.1+repack/render/thscreen.c:40:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBG(text) printf text ; fflush(stdout);
data/argyll-2.0.1+repack/rspl/gam.c:110:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(out,(vec)[pveci]); \
data/argyll-2.0.1+repack/rspl/gam.c:111:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(end); \
data/argyll-2.0.1+repack/rspl/gam.c:120:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(out,(mat)[pvecr][pveci]); \
data/argyll-2.0.1+repack/rspl/gam.c:124:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(end); \
data/argyll-2.0.1+repack/rspl/gam.c:130:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBGI(text) printf text ;
data/argyll-2.0.1+repack/rspl/mlbs.c:586:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/mlbs.c:599:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/rev.c:156:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(out,(vec)[pveci]); \
data/argyll-2.0.1+repack/rspl/rev.c:157:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(end); \
data/argyll-2.0.1+repack/rspl/rev.c:166:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(out,(mat)[pvecr][pveci]); \
data/argyll-2.0.1+repack/rspl/rev.c:170:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(end); \
data/argyll-2.0.1+repack/rspl/rev.c:191:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBGI(text) printf text ;
data/argyll-2.0.1+repack/rspl/rspl.c:48:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBLU(xxxx) printf xxxx
data/argyll-2.0.1+repack/rspl/smtmpp.c:38:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(xxxx) printf xxxx
data/argyll-2.0.1+repack/rspl/smtmpp.c:820:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prof_name,argv[fa]);
data/argyll-2.0.1+repack/rspl/stest.c:635:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/stest.c:648:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t2d.c:951:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t2d.c:979:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t2d.c:1004:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(verbose_out, fmt, args);
data/argyll-2.0.1+repack/rspl/t2ddf.c:460:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t2ddf.c:488:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t2ddf.c:513:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(verbose_out, fmt, args);
data/argyll-2.0.1+repack/rspl/t3d.c:840:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t3d.c:868:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t3d.c:893:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(verbose_out, fmt, args);
data/argyll-2.0.1+repack/rspl/t3ddf.c:509:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t3ddf.c:537:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/t3ddf.c:562:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(verbose_out, fmt, args);
data/argyll-2.0.1+repack/rspl/tnd.c:435:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/tnd.c:463:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/rspl/tnd.c:488:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(verbose_out, fmt, args);
data/argyll-2.0.1+repack/scanin/scanin.c:373:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datin_name,argv[fa]);
data/argyll-2.0.1+repack/scanin/scanin.c:375:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datout_name,argv[fa]); // ~~~99 Hmm. Should we honour -O ??
data/argyll-2.0.1+repack/scanin/scanin.c:891:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/scanin/scanin.c:928:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s_XYZ", ident);
data/argyll-2.0.1+repack/scanin/scanin.c:1436:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(o, i); /* Copy remainder */
data/argyll-2.0.1+repack/scanin/scanrd.c:40:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(aaa) fprintf aaa, fflush(dbgo)
data/argyll-2.0.1+repack/scanin/scanrd.c:1999:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->errm,"write_elists: error opening match reference file '%s'",fname);
data/argyll-2.0.1+repack/scanin/scanrd.c:2038:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->errm,"read_elists: error opening match reference file '%s'",fname);
data/argyll-2.0.1+repack/scanin/scanrd.c:2101:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xf,xfix1);
data/argyll-2.0.1+repack/scanin/scanrd.c:2109:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->sboxes[i].name,"%s",yfix1);
data/argyll-2.0.1+repack/scanin/scanrd.c:2111:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->sboxes[i].name,"%s",xf);
data/argyll-2.0.1+repack/scanin/scanrd.c:2114:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->sboxes[i].name,"%s%s",yfix1,xf);
data/argyll-2.0.1+repack/scanin/scanrd.c:2116:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->sboxes[i].name,"%s%s",xf,yfix1);
data/argyll-2.0.1+repack/scanin/scanrd.c:2307:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s->errm,"read_relist failed at line %d in file %s: %s\n",l,fname,em);
data/argyll-2.0.1+repack/scanin/scanrd.c:3709:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, sp->name);
data/argyll-2.0.1+repack/scanin/scanrd.c:3817:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(aaa) fprintf aaa, fflush(dbgo)
data/argyll-2.0.1+repack/spectro/aglob.c:113:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tpath, spath);
data/argyll-2.0.1+repack/spectro/aglob.c:167:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fpath, g->base);
data/argyll-2.0.1+repack/spectro/aglob.c:168:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fpath, g->ffs.name);
data/argyll-2.0.1+repack/spectro/average.c:54:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/average.c:278:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/spectro/ccwin.c:154:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url, "%s%s",p->ws_url, SEND_TEST_FILE);
data/argyll-2.0.1+repack/spectro/ccwin.c:156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url, "%stpatch_%d.png",p->ws_url, ++p->pno);
data/argyll-2.0.1+repack/spectro/ccwin.c:209:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url, "%s%s",p->ws_url, SEND_TEST_FILE);
data/argyll-2.0.1+repack/spectro/ccwin.c:211:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(url, "%stpatch_%d.png",p->ws_url, ++p->pno);
data/argyll-2.0.1+repack/spectro/ccwin.c:822:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"ChromeCast '%s'",cc_id->name);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:118:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:599:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outname, doccss ? ".ccss" : ".ccmx");
data/argyll-2.0.1+repack/spectro/ccxxmake.c:691:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(description, tt);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:692:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(description, disp);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:961:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colname, tt);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:963:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colname, oname);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:970:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(description, colname);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:972:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(description, disp);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1384:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(description, tt);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1385:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(description, disp);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1450:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colname, tt);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1452:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colname, oname);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1459:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(description, colname);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1461:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(description, disp);
data/argyll-2.0.1+repack/spectro/chartread.c:2486:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa]);
data/argyll-2.0.1+repack/spectro/chartread.c:2488:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,argv[fa]);
data/argyll-2.0.1+repack/spectro/chartread.c:2710:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/spectro/chartread.c:2749:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s_LAB", ident);
data/argyll-2.0.1+repack/spectro/chartread.c:2751:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s_XYZ", ident);
data/argyll-2.0.1+repack/spectro/dispcal.c:188:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBG(xxx) fprintf xxx ;
data/argyll-2.0.1+repack/spectro/dispcal.c:1533:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/dispcal.c:2366:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(iccoutname,ICC_FILE_EXT);
data/argyll-2.0.1+repack/spectro/dispcal.c:5722:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/spectro/dispcal.c:5740:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/spectro/dispcal.c:5753:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/spectro/dispcal.c:5766:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/spectro/dispread.c:114:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/dispread.c:721:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,inname);
data/argyll-2.0.1+repack/spectro/dispsup.c:81:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(xxx) fprintf xxx ;
data/argyll-2.0.1+repack/spectro/dispsup.c:424:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %f %f %f",p->scallout, xyz[0], xyz[1], xyz[2]);
data/argyll-2.0.1+repack/spectro/dispsup.c:425:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((rv = system(cmd)) != 0)
data/argyll-2.0.1+repack/spectro/dispsup.c:1830:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %d %d %d %f %f %f",p->mcallout,
data/argyll-2.0.1+repack/spectro/dispsup.c:1834:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((rv = system(cmd)) != 0)
data/argyll-2.0.1+repack/spectro/dispsup.c:1838:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s.meas",p->mcallout);
data/argyll-2.0.1+repack/spectro/disptechs.c:493:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list[i].isel, list[i].sel);
data/argyll-2.0.1+repack/spectro/dispwin.c:150:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/dispwin.c:151:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:152:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/dispwin.c:153:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:154:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/dispwin.c:155:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:156:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2l(lev, xx) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:161:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr(xx) if (p->ddebug) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/dispwin.c:162:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr2(xx) if (p->ddebug) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:163:43: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr(xx) if (callback_ddebug) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/dispwin.c:164:44: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2(xx) if (callback_ddebug) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:165:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2l(lev, xx) if (callback_ddebug >= lev) fprintf xx
data/argyll-2.0.1+repack/spectro/dispwin.c:372:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(disps[i]->monid, dd.DeviceID);
data/argyll-2.0.1+repack/spectro/dispwin.c:376:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s, at %d, %d, width %d, height %d%s",disps[i]->name+4,
data/argyll-2.0.1+repack/spectro/dispwin.c:555:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s, at %d, %d, width %d, height %d%s",dp,
data/argyll-2.0.1+repack/spectro/dispwin.c:864:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(desc1,"Monitor %d, Output %s",ndisps+1,outi->name);
data/argyll-2.0.1+repack/spectro/dispwin.c:865:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(desc2,"%s at %d, %d, width %d, height %d",desc1,
data/argyll-2.0.1+repack/spectro/dispwin.c:870:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(desc1, "[ Clone of %s ]",outi0->name);
data/argyll-2.0.1+repack/spectro/dispwin.c:871:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(desc2, desc1);
data/argyll-2.0.1+repack/spectro/dispwin.c:1136:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(desc1, "%s",monitor.model);
data/argyll-2.0.1+repack/spectro/dispwin.c:1142:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(desc2,"%s at %d, %d, width %d, height %d",desc1,
data/argyll-2.0.1+repack/spectro/dispwin.c:1629:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv, home);
data/argyll-2.0.1+repack/spectro/dispwin.c:1630:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, dirname);
data/argyll-2.0.1+repack/spectro/dispwin.c:1631:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, basename);
data/argyll-2.0.1+repack/spectro/dispwin.c:1988:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/spectro/dispwin.c:2043:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppath, tpath);
data/argyll-2.0.1+repack/spectro/dispwin.c:2183:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppath,tpath);
data/argyll-2.0.1+repack/spectro/dispwin.c:2600:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colpath, basename);
data/argyll-2.0.1+repack/spectro/dispwin.c:2843:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dpath, basename);
data/argyll-2.0.1+repack/spectro/dispwin.c:2967:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(colpath, basename);
data/argyll-2.0.1+repack/spectro/dispwin.c:3163:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dpath, basename);
data/argyll-2.0.1+repack/spectro/dispwin.c:3547:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("xscreensaver -nosplash 2>/dev/null >/dev/null&");
data/argyll-2.0.1+repack/spectro/dispwin.c:3556:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("dcop kdesktop KScreensaverIface enable true 2>&1 >/dev/null");
data/argyll-2.0.1+repack/spectro/dispwin.c:4210:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %d %d %d %f %f %f",p->callout,
data/argyll-2.0.1+repack/spectro/dispwin.c:4212:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((rv = system(cmd)) != 0)
data/argyll-2.0.1+repack/spectro/dispwin.c:4822:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->monid, disp->monid);
data/argyll-2.0.1+repack/spectro/dispwin.c:5629:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p->xssrunning = (system("xscreensaver-command -version 2>/dev/null >/dev/null") == 0);
data/argyll-2.0.1+repack/spectro/dispwin.c:5631:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("xscreensaver-command -exit 2>/dev/null >/dev/null");
data/argyll-2.0.1+repack/spectro/dispwin.c:5636:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p->gnomessrunning = (system("gnome-screensaver-command -q "
data/argyll-2.0.1+repack/spectro/dispwin.c:5651:7: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("gnome-screensaver-command", "gnome-screensaver-command","-i","-n","argyll","-r","measuring screen",NULL);
data/argyll-2.0.1+repack/spectro/dispwin.c:5664:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("ps -e 2>/dev/null | grep kdesktop 2>/dev/null >/dev/null") == 0) {
data/argyll-2.0.1+repack/spectro/dispwin.c:5665:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
p->kdessrunning = (system("dcop kdesktop KScreensaverIface isEnabled "
data/argyll-2.0.1+repack/spectro/dispwin.c:5669:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("dcop kdesktop KScreensaverIface enable false 2>&1 >/dev/null");
data/argyll-2.0.1+repack/spectro/dispwin.c:6102:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/dtp20.c:1173:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, buf);
data/argyll-2.0.1+repack/spectro/dtp22.c:614:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(tp, fmt, &val->sp.spec[j]) != 1)
data/argyll-2.0.1+repack/spectro/fakeread.c:54:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/fakeread.c:726:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",cnv_nmask == ICX_W || cnv_nmask == ICX_K ? "GRAY" : ti3_bident,
data/argyll-2.0.1+repack/spectro/fakeread.c:1061:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/spectro/fakeread.c:1118:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, dolab ? "%s_LAB" : "%s_XYZ", ident);
data/argyll-2.0.1+repack/spectro/hidio.c:242:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"hid:/%d (%s)", dinfod.DevInst, inst_name(itype));
data/argyll-2.0.1+repack/spectro/hidio.c:259:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(hidd->dpath, pdidd->DevicePath);
data/argyll-2.0.1+repack/spectro/hidio.c:340:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"hid%d: (%s)", lid >> 20, inst_name(itype));
data/argyll-2.0.1+repack/spectro/hidio.c:415:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"hid%d: (%s)", lid >> 20, inst_name(itype));
data/argyll-2.0.1+repack/spectro/hidio.c:468:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dpath, devds[i]);
data/argyll-2.0.1+repack/spectro/hidio.c:470:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dpath, dentry->d_name);
data/argyll-2.0.1+repack/spectro/icoms.c:316:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"%s (%s)", p->name, inst_name(itype));
data/argyll-2.0.1+repack/spectro/icoms.c:1037:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(d, "%s%02x", i > 0 ? " " : "", *s);
data/argyll-2.0.1+repack/spectro/icoms_nt.c:244:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "\\\\.\\%s", p->spath);
data/argyll-2.0.1+repack/spectro/icoms_ux.c:261:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dpath, dirn);
data/argyll-2.0.1+repack/spectro/icoms_ux.c:262:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dpath, de->d_name);
data/argyll-2.0.1+repack/spectro/illumread.c:241:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/illumread.c:428:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, outname);
data/argyll-2.0.1+repack/spectro/inflate.c:32:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(text) printf text ;
data/argyll-2.0.1+repack/spectro/inst.c:1017:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(list[i].isel, list[i].sel);
data/argyll-2.0.1+repack/spectro/inst.c:1216:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp, tech);
data/argyll-2.0.1+repack/spectro/inst.c:1218:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pp, disp);
data/argyll-2.0.1+repack/spectro/inst.c:1348:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp, tech);
data/argyll-2.0.1+repack/spectro/inst.c:1350:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pp, disp);
data/argyll-2.0.1+repack/spectro/kleink10.c:831:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->sel, sel);
data/argyll-2.0.1+repack/spectro/kleink10.c:833:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->sel, i->sel);
data/argyll-2.0.1+repack/spectro/kleink10.c:899:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(k10_disptypesel[n].desc, name);
data/argyll-2.0.1+repack/spectro/madvrwin.c:41:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/madvrwin.c:42:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:43:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/madvrwin.c:44:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:45:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/madvrwin.c:46:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:47:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2l(lev, xx) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:52:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr(xx) if (p->ddebug) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/madvrwin.c:53:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr2(xx) if (p->ddebug) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:54:43: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr(xx) if (callback_ddebug) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/madvrwin.c:55:44: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2(xx) if (callback_ddebug) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:56:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2l(lev, xx) if (callback_ddebug >= lev) fprintf xx
data/argyll-2.0.1+repack/spectro/madvrwin.c:125:5: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(us1, dllname);
data/argyll-2.0.1+repack/spectro/mongoose.c:157:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/spectro/mongoose.c:157:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/spectro/mongoose.c:158:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/argyll-2.0.1+repack/spectro/mongoose.c:162:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#ifndef popen
data/argyll-2.0.1+repack/spectro/mongoose.c:163:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
# define popen(x, y) _popen(x, y)
data/argyll-2.0.1+repack/spectro/mongoose.c:288:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf x; \
data/argyll-2.0.1+repack/spectro/mongoose.c:625:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void) vsnprintf(buf, sizeof(buf), fmt, ap);
data/argyll-2.0.1+repack/spectro/mongoose.c:734:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(buf, buflen, fmt, ap);
data/argyll-2.0.1+repack/spectro/mongoose.c:1407:16: [4] (shell) execle:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execle(prog, prog, NULL, envp);
data/argyll-2.0.1+repack/spectro/mongoose.c:1410:16: [4] (shell) execle:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execle(interp, interp, prog, NULL, envp);
data/argyll-2.0.1+repack/spectro/mongoose.c:1602:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(mem, sizeof(mem), fmt, ap);
data/argyll-2.0.1+repack/spectro/mongoose.c:1614:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, len + 1, fmt, ap);
data/argyll-2.0.1+repack/spectro/mongoose.c:2344:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "%[^:]:%[^:]:%s", f_user, f_domain, ha1) != 3) {
data/argyll-2.0.1+repack/spectro/mongoose.c:2720:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
return sscanf(header, "bytes=%" INT64_FMT "-%" INT64_FMT, a, b);
data/argyll-2.0.1+repack/spectro/mongoose.c:3428:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} else if ((fp = popen(cmd, "r")) == NULL) {
data/argyll-2.0.1+repack/spectro/mongoose.c:4110:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"http://%s:%d/",localIP,portno);
data/argyll-2.0.1+repack/spectro/mongoose.c:4135:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"http://%s:%d/",abuf,portno);
data/argyll-2.0.1+repack/spectro/mongoose.c:4149:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"http://[%s]:%d/",abuf6,portno);
data/argyll-2.0.1+repack/spectro/mongoose.c:4195:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "%s - %s [%s] \"%s %s HTTP/%s\" %d %" INT64_FMT,
data/argyll-2.0.1+repack/spectro/mongoose.h:205:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTF_ARGS(x, y) __attribute__((format(printf, x, y)))
data/argyll-2.0.1+repack/spectro/munki_imp.c:3186:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cal_name, "ArgyllCMS/.mk_%s.cal", m->serno);
data/argyll-2.0.1+repack/spectro/munki_imp.c:3303:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cal_name, "ArgyllCMS/.mk_%s.cal" SSEPS "color/.mk_%s.cal", m->serno, m->serno);
data/argyll-2.0.1+repack/spectro/munki_imp.c:3621:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cal_name, "ArgyllCMS/.mk_%s.cal" SSEPS "color/.mk_%s.cal", m->serno, m->serno);
data/argyll-2.0.1+repack/spectro/oemarch.c:178:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "umount \"%s\"",oemamount_path);
data/argyll-2.0.1+repack/spectro/oemarch.c:179:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(sbuf);
data/argyll-2.0.1+repack/spectro/oemarch.c:180:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "rmdir \"%s\"",oemamount_path);
data/argyll-2.0.1+repack/spectro/oemarch.c:181:3: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(sbuf);
data/argyll-2.0.1+repack/spectro/oemarch.c:559:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(drive, buf+i);
data/argyll-2.0.1+repack/spectro/oemarch.c:587:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, oemtargs.volnames[j].path);
data/argyll-2.0.1+repack/spectro/oemarch.c:594:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tname, 0) == 0) {
data/argyll-2.0.1+repack/spectro/oemarch.c:602:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(oemtargs.volnames[j].path, 0) == 0) {
data/argyll-2.0.1+repack/spectro/oemarch.c:620:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, oemtargs.volnames[j].path);
data/argyll-2.0.1+repack/spectro/oemarch.c:622:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "mkdir \"%s\"", tname);
data/argyll-2.0.1+repack/spectro/oemarch.c:623:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((rv = system(sbuf)) != 0)
data/argyll-2.0.1+repack/spectro/oemarch.c:625:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "mount_cd9660 %s \"%s\"", buf.f_mntfromname,tname);
data/argyll-2.0.1+repack/spectro/oemarch.c:626:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((rv = system(sbuf)) != 0) {
data/argyll-2.0.1+repack/spectro/oemarch.c:627:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuf, "rmdir \"%s\"", tname);
data/argyll-2.0.1+repack/spectro/oemarch.c:628:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(sbuf);
data/argyll-2.0.1+repack/spectro/oemarch.c:681:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(vol, usr);
data/argyll-2.0.1+repack/spectro/oemarch.c:682:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(vol, cp + 5);
data/argyll-2.0.1+repack/spectro/oemarch.c:685:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(vol, 0) == 0) {
data/argyll-2.0.1+repack/spectro/oemarch.c:710:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, vol->name);
data/argyll-2.0.1+repack/spectro/oemarch.c:720:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ap, oemtargs.archnames[j].path);
data/argyll-2.0.1+repack/spectro/oemarch.c:753:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, pf);
data/argyll-2.0.1+repack/spectro/oemarch.c:762:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ap, oemtargs.instpaths[j].path);
data/argyll-2.0.1+repack/spectro/oemarch.c:931:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, pfx);
data/argyll-2.0.1+repack/spectro/oemarch.c:932:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fname, cp);
data/argyll-2.0.1+repack/spectro/oemarch.c:1472:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ccssname, edrname);
data/argyll-2.0.1+repack/spectro/oemarch.c:1634:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(creatdate, ctime_64(&edrdate));
data/argyll-2.0.1+repack/spectro/oeminst.c:155:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname, exe_path);
data/argyll-2.0.1+repack/spectro/oeminst.c:248:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(install_name, install_dir);
data/argyll-2.0.1+repack/spectro/oeminst.c:257:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(install_name, cp);
data/argyll-2.0.1+repack/spectro/rspec.c:929:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cal_name, "ArgyllCMS/%s", fname);
data/argyll-2.0.1+repack/spectro/rspec.c:931:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cal_name, "ArgyllCMS/%s" SSEPS "color/%s", fname, fname);
data/argyll-2.0.1+repack/spectro/rspec.c:974:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cal_name, "ArgyllCMS/%s" SSEPS "color/%s", fname, fname);
data/argyll-2.0.1+repack/spectro/spotread.c:272:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/spectro/spotread.c:933:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(labwpname, standardIlluminant_name(illum, 0.0));
data/argyll-2.0.1+repack/spectro/ss.c:1536:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(id, filter_desc[p->filt]);
data/argyll-2.0.1+repack/spectro/synthcal.c:261:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,argv[fa]);
data/argyll-2.0.1+repack/spectro/synthcal.c:324:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I",bident);
data/argyll-2.0.1+repack/spectro/synthcal.c:329:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/spectro/synthread.c:313:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sepname,argv[fa++]);
data/argyll-2.0.1+repack/spectro/synthread.c:317:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa]);
data/argyll-2.0.1+repack/spectro/synthread.c:319:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,argv[fa]);
data/argyll-2.0.1+repack/spectro/synthread.c:525:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/spectro/synthread.c:544:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, md.dolab ? "%s_LAB" : "%s_XYZ", ident);
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:170:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"%s (%s)", dpath, inst_name(itype));
data/argyll-2.0.1+repack/spectro/usbio_lx.c:229:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"%s (%s)", dpath, inst_name(itype));
data/argyll-2.0.1+repack/spectro/usbio_nt.c:320:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"%s (%s)", dpath + 4, inst_name(itype));
data/argyll-2.0.1+repack/spectro/usbio_ox.c:182:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pname,"usb%d: (%s)", lid >> 20, inst_name(itype));
data/argyll-2.0.1+repack/spectro/vinflate.c:40:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG(text) printf text ;
data/argyll-2.0.1+repack/spectro/webwin.c:35:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/webwin.c:36:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:37:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/webwin.c:38:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:39:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/webwin.c:40:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2(xx) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:41:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2l(lev, xx) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:46:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr(xx) if (p->ddebug) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/webwin.c:47:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugr2(xx) if (p->ddebug) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:48:43: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr(xx) if (callback_ddebug) fprintf(errout, xx )
data/argyll-2.0.1+repack/spectro/webwin.c:49:44: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2(xx) if (callback_ddebug) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:50:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debugrr2l(lev, xx) if (callback_ddebug >= lev) fprintf xx
data/argyll-2.0.1+repack/spectro/webwin.c:400:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Web Window at '%s'",url);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:171:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv, in);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:172:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, app);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv, in);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:194:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, SSEPS);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:195:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, app);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:215:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv, in);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:218:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, app);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:973:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=%s",env,envv);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:995:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=xdgtestXXX%c%s",env,SSEP,envv);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1000:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=xdg_NOT_%s",defv,defv);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1023:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=",env);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1025:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=%s",env,xval);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1029:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s=",defv);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1081:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf1, "%s=",cases[i].envn[j]);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1092:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "application/%s",cases[i].st == xdg_data ? "data" :
data/argyll-2.0.1+repack/target/alphix.c:81:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v, ax);
data/argyll-2.0.1+repack/target/alphix.c:407:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (rv, sl);
data/argyll-2.0.1+repack/target/alphix.c:408:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (rv, pl);
data/argyll-2.0.1+repack/target/alphix.c:410:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (rv, pl);
data/argyll-2.0.1+repack/target/alphix.c:411:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (rv, sl);
data/argyll-2.0.1+repack/target/alphix.c:437:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ax,_ax);
data/argyll-2.0.1+repack/target/filmtarg.c:101:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cols[ix].loc, slab);
data/argyll-2.0.1+repack/target/filmtarg.c:102:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s.%04d.tiff", basename, i+1);
data/argyll-2.0.1+repack/target/filmtarg.c:288:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inname,argv[fa]);
data/argyll-2.0.1+repack/target/filmtarg.c:290:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,argv[fa]);
data/argyll-2.0.1+repack/target/filmtarg.c:292:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tiffname,argv[fa]);
data/argyll-2.0.1+repack/target/filmtarg.c:435:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/target/filmtarg.c:448:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/target/ofps.c:8658:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bp,"%s", "Big");
data/argyll-2.0.1+repack/target/ofps.c:8842:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mtext[n3],"%s","");
data/argyll-2.0.1+repack/target/ofps.c:8926:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mtext[n3],"%s","");
data/argyll-2.0.1+repack/target/ppoint.c:986:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/target/printtarg.c:2461:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(psname,"%s.ps",bname);
data/argyll-2.0.1+repack/target/printtarg.c:2469:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(psname,"%s_%02d.eps",bname,pif);
data/argyll-2.0.1+repack/target/printtarg.c:2471:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(psname,"%s.eps",bname);
data/argyll-2.0.1+repack/target/printtarg.c:2479:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(psname,"%s_%02d.tif",bname,pif);
data/argyll-2.0.1+repack/target/printtarg.c:2481:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(psname,"%s.tif",bname);
data/argyll-2.0.1+repack/target/printtarg.c:2653:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cols[ix].loc, sp); /* Record location */
data/argyll-2.0.1+repack/target/printtarg.c:2827:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chtname,"%s_%02d.cht",bname,pif);
data/argyll-2.0.1+repack/target/printtarg.c:2829:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chtname,"%s.cht",bname);
data/argyll-2.0.1+repack/target/printtarg.c:2896:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/target/printtarg.c:3333:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname,inname);
data/argyll-2.0.1+repack/target/printtarg.c:3334:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(psname,inname);
data/argyll-2.0.1+repack/target/printtarg.c:3467:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/target/printtarg.c:3543:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/target/printtarg.c:3604:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/target/printtarg.c:3682:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "ArgyllCMS - Chart \"%s\" (%s %d) %s",
data/argyll-2.0.1+repack/target/printtarg.c:3712:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bp, "%s%d", i > 0 ? "," : "", pis[i]);
data/argyll-2.0.1+repack/target/randix.c:147:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/target/targen.c:845:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/target/targen.c:1428:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/tweak/refine.c:162:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/tweak/refine.c:615:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cg[n].pat[i].sid, (char *)cgf->t[0].fdata[i][sidx]);
data/argyll-2.0.1+repack/tweak/refine.c:725:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cg[n].pat[i].sid, (char *)cgf->t[0].fdata[i][sidx]);
data/argyll-2.0.1+repack/tweak/refine.c:1183:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->desc, dst); /* Copy the string in */
data/argyll-2.0.1+repack/tweak/refine.c:1195:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wo->data, crt); /* Copy the text in */
data/argyll-2.0.1+repack/ucmm/ucmm.c:56:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/ucmm/ucmm.c:57:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug2(xx) fprintf xx
data/argyll-2.0.1+repack/ucmm/ucmm.c:231:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data_pathfile, profile_dir);
data/argyll-2.0.1+repack/ucmm/ucmm.c:240:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data_pathfile, tt);
data/argyll-2.0.1+repack/ucmm/ucmm.c:480:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keyn1, "devices/display/%d/%s", recno, mname);
data/argyll-2.0.1+repack/xicc/cam02.c:192:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TRACE(xxxx) if (s->trace) printf xxxx ;
data/argyll-2.0.1+repack/xicc/cam02ref.h:342:38: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define REFTRACE(xxxx) if (s->trace) printf xxxx ;
data/argyll-2.0.1+repack/xicc/ccmx.c:139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, ocg->err);
data/argyll-2.0.1+repack/xicc/ccmx.c:171:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, ocg->err);
data/argyll-2.0.1+repack/xicc/ccmx.c:292:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_ccmx: Input file doesn't contain field %s", xyzfname[i]);
data/argyll-2.0.1+repack/xicc/ccmx.c:296:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_ccmx: Input file field %s is wrong type", xyzfname[i]);
data/argyll-2.0.1+repack/xicc/ccmx.c:333:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, icg->err);
data/argyll-2.0.1+repack/xicc/ccmx.c:373:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, icg->err);
data/argyll-2.0.1+repack/xicc/ccss.c:125:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "cgats add_field SAMPLE_ID failed with '%s'!",ocg->err);
data/argyll-2.0.1+repack/xicc/ccss.c:141:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "cgats add_field %s failed with '%s'",buf,ocg->err);
data/argyll-2.0.1+repack/xicc/ccss.c:195:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, ocg->err);
data/argyll-2.0.1+repack/xicc/ccss.c:232:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, ocg->err);
data/argyll-2.0.1+repack/xicc/ccss.c:373:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"Input file doesn't contain field %s",buf);
data/argyll-2.0.1+repack/xicc/ccss.c:422:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, icg->err);
data/argyll-2.0.1+repack/xicc/ccss.c:462:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, icg->err);
data/argyll-2.0.1+repack/xicc/ccttest.c:162:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/ccttest.c:255:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "File '%s'",in_name);
data/argyll-2.0.1+repack/xicc/ccttest.c:303:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s at %f", k == 0 ? "Daylight" : "Black body", temp);
data/argyll-2.0.1+repack/xicc/cgatsplot.c:119:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/cgatsplot.c:166:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s_%s",nmask == ICX_W || nmask == ICX_K ? "GRAY" : bident,
data/argyll-2.0.1+repack/xicc/extracticc.c:44:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/xicc/extractttag.c:46:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, diag, args);
data/argyll-2.0.1+repack/xicc/fakeCMY.c:196:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa++]);
data/argyll-2.0.1+repack/xicc/fakeCMY.c:199:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name,argv[fa++]);
data/argyll-2.0.1+repack/xicc/fbview.c:126:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/fbview.c:128:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, in_name);
data/argyll-2.0.1+repack/xicc/iccgamut.c:523:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, prof_name);
data/argyll-2.0.1+repack/xicc/icheck.c:120:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/icheck.c:122:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, in_name);
data/argyll-2.0.1+repack/xicc/mpp.c:343:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, ocg->err);
data/argyll-2.0.1+repack/xicc/mpp.c:371:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, icg->err);
data/argyll-2.0.1+repack/xicc/mpp.c:377:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' isn't a MPP format file",inname);
data/argyll-2.0.1+repack/xicc/mpp.c:382:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Input file '%s' doesn't contain exactly one table",inname);
data/argyll-2.0.1+repack/xicc/mpp.c:387:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' doesn't contain keyword COLOR_REP",inname);
data/argyll-2.0.1+repack/xicc/mpp.c:398:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: COLOR_REP '%s' invalid from file '%s' (No matching devmask)",
data/argyll-2.0.1+repack/xicc/mpp.c:406:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' doesn't contain keyword DEVICE_CLASS",inname);
data/argyll-2.0.1+repack/xicc/mpp.c:421:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Can't find keyword TARGET_INSTRUMENT in file '%s'", inname);
data/argyll-2.0.1+repack/xicc/mpp.c:428:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Unrecognised target instrument '%s' in file '%s'",
data/argyll-2.0.1+repack/xicc/mpp.c:444:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' has unknown DEVICE_CLASS '%s'",
data/argyll-2.0.1+repack/xicc/mpp.c:452:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' doesn't contain keyword TRANSFER_ORDERS",
data/argyll-2.0.1+repack/xicc/mpp.c:459:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' has out of range TRANSFER_ORDERS %d",
data/argyll-2.0.1+repack/xicc/mpp.c:511:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' doesn't contain field PARAMETER",
data/argyll-2.0.1+repack/xicc/mpp.c:517:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' field PARAMETER is wrong type",
data/argyll-2.0.1+repack/xicc/mpp.c:528:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' field %s is wrong type",
data/argyll-2.0.1+repack/xicc/mpp.c:539:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' doesn't contain field %s or %s",
data/argyll-2.0.1+repack/xicc/mpp.c:545:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' field %s is wrong type",
data/argyll-2.0.1+repack/xicc/mpp.c:565:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' doesn't contain field %s",
data/argyll-2.0.1+repack/xicc/mpp.c:571:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "read_mpp: Input file '%s' field %s is wrong type",
data/argyll-2.0.1+repack/xicc/mpplu.c:316:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prof_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/mpplu.c:438:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gam_name, prof_name);
data/argyll-2.0.1+repack/xicc/mpplu.c:456:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gam_name, prof_name);
data/argyll-2.0.1+repack/xicc/specplot.c:347:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[nsp + i],"File '%s' spect %d",argv[fa], soff + i);
data/argyll-2.0.1+repack/xicc/specplot.c:394:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf[0],inm);
data/argyll-2.0.1+repack/xicc/specplot.c:415:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], "%s at %f", k == 0 ? "Daylight" : "Black body", temp);
data/argyll-2.0.1+repack/xicc/transplot.c:198:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/xcal.c:76:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Input file '%s' can't be a CAL format file", filename);
data/argyll-2.0.1+repack/xicc/xcal.c:81:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Input file '%s' isn't a CAL format file", filename);
data/argyll-2.0.1+repack/xicc/xcal.c:87:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Calibration file '%s'doesn't contain keyword DEVICE_CLASS",filename);
data/argyll-2.0.1+repack/xicc/xcal.c:97:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"Calibration file '%s' contain unknown DEVICE_CLASS '%s'",
data/argyll-2.0.1+repack/xicc/xcal.c:105:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Calibration file '%s'doesn't contain keyword COLOR_REP",filename);
data/argyll-2.0.1+repack/xicc/xcal.c:110:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Calibration file '%s' has unrecognized COLOR_REP '%s'",
data/argyll-2.0.1+repack/xicc/xcal.c:116:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Calibration file '%s' has unrecognized COLOR_REP '%s'",
data/argyll-2.0.1+repack/xicc/xcal.c:149:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err, "Calibration file '%s' has too few entries %d",
data/argyll-2.0.1+repack/xicc/xcal.c:155:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I",bident);
data/argyll-2.0.1+repack/xicc/xcal.c:157:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"Calibration file '%s' doesn't contain field '%s'", filename,buf);
data/argyll-2.0.1+repack/xicc/xcal.c:163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/xicc/xcal.c:165:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"Calibration file '%s' doesn't contain field '%s'", filename,buf);
data/argyll-2.0.1+repack/xicc/xcal.c:317:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, tcg->err);
data/argyll-2.0.1+repack/xicc/xcal.c:367:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->err,"Unknown device class '%s'",icm2str(icmProfileClassSignature,p->devclass));
data/argyll-2.0.1+repack/xicc/xcal.c:394:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_I",bident);
data/argyll-2.0.1+repack/xicc/xcal.c:399:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s_%s",bident,icx_ink2char(imask));
data/argyll-2.0.1+repack/xicc/xcal.c:444:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, tcg->err);
data/argyll-2.0.1+repack/xicc/xcal.c:451:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, tcg->err);
data/argyll-2.0.1+repack/xicc/xcolorants.c:179:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rv, icx_ink_table[i].c);
data/argyll-2.0.1+repack/xicc/xcolorantslu.c:212:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/xicc/xcolorantslu.c:225:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/argyll-2.0.1+repack/xicc/xfbview.c:190:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in_name,argv[fa]);
data/argyll-2.0.1+repack/xicc/xfbview.c:192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_name, in_name);
data/argyll-2.0.1+repack/xicc/xicc.c:999:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, p->pp->err);
data/argyll-2.0.1+repack/xicc/xicc.c:1099:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->err, p->pp->err);
data/argyll-2.0.1+repack/xicc/xlut.c:204:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBOL(xxx) if (p->trace) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:206:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBOL(xxx) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:217:32: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBR(xxx) if (p->trace) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:219:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBR(xxx) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:230:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBS(xxx) if (p->trace) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:232:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DBS(xxx) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:815:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBK(xxx) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:905:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBK(xxx) printf xxx ;
data/argyll-2.0.1+repack/xicc/xlut.c:2164:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p->pp->err,"Unknown colorspace %s when setting auxliaries",
data/argyll-2.0.1+repack/xicc/xlut.c:2584:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->pp->err, p->pp->pp->err);
data/argyll-2.0.1+repack/xicc/xlut.c:3115:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xicp->err,"set_icxLuLut: can't handle color space %s",
data/argyll-2.0.1+repack/xicc/xlut.c:3300:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xicp->err,"set_icxLuLut: can't handle color space %s",
data/argyll-2.0.1+repack/xicc/xmatrix.c:1368:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xicp->err,"set_icxLuMatrix: can't handle color space %s",
data/argyll-2.0.1+repack/xicc/xmatrix.c:1485:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xicp->err,"set_icxLuMatrix: can't handle color space %s",
data/argyll-2.0.1+repack/xicc/xutils.c:44:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug(xx) fprintf(errout, xx )
data/argyll-2.0.1+repack/xicc/xutils.c:45:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug2(xx) fprintf xx
data/argyll-2.0.1+repack/xml/mxml-config.h:66:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/xml/mxml-config.h:66:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/argyll-2.0.1+repack/xml/mxml-config.h:68:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/argyll-2.0.1+repack/xml/mxml-config.h:122:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _mxml_snprintf
data/argyll-2.0.1+repack/xml/mxml-config.h:127:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _mxml_vsnprintf
data/argyll-2.0.1+repack/xml/mxml-config.h:192:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _mxml_snprintf
data/argyll-2.0.1+repack/xml/mxml-config.h:197:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _mxml_vsnprintf
data/argyll-2.0.1+repack/xml/mxml-private.c:86:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s, sizeof(s), format, ap);
data/argyll-2.0.1+repack/xml/mxml-string.c:62:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
bytes = vsnprintf(buffer, bufsize, format, ap);
data/argyll-2.0.1+repack/xml/mxml-string.c:87:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return (strcpy(t, s));
data/argyll-2.0.1+repack/xml/mxml-string.c:272:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, tformat, va_arg(ap, double));
data/argyll-2.0.1+repack/xml/mxml-string.c:285:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bufptr, temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:304:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, tformat, va_arg(ap, long long));
data/argyll-2.0.1+repack/xml/mxml-string.c:307:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, tformat, va_arg(ap, int));
data/argyll-2.0.1+repack/xml/mxml-string.c:320:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bufptr, temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:330:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, tformat, va_arg(ap, void *));
data/argyll-2.0.1+repack/xml/mxml-string.c:343:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bufptr, temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:447:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
bytes = vsnprintf(temp, sizeof(temp), format, apcopy);
data/argyll-2.0.1+repack/xml/mxml-string.c:464:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, bytes + 1, format, ap);
data/argyll-2.0.1+repack/xml/mxmldoc.c:677:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bufptr, node->value.text.string);
data/argyll-2.0.1+repack/xml/mxmldoc.c:706:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bufptr, node->value.text.string);
data/argyll-2.0.1+repack/xml/mxmldoc.c:719:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, type->last_child->value.text.string);
data/argyll-2.0.1+repack/xml/mxmldoc.c:1248:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bufptr, node->value.text.string);
data/argyll-2.0.1+repack/xml/mxmldoc.c:3278:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(docset, 0) && !remove_directory(docset))
data/argyll-2.0.1+repack/yajl/yajl_parser.c:96:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) str, errorType);
data/argyll-2.0.1+repack/yajl/yajl_parser.c:100:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) str, errorText);
data/argyll-2.0.1+repack/yajl/yajl_parser.c:137:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) newStr, (char *) str);
data/argyll-2.0.1+repack/yajl/yajl_parser.c:138:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) newStr, text);
data/argyll-2.0.1+repack/yajl/yajl_parser.c:139:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) newStr, arrow);
data/argyll-2.0.1+repack/yajl/yajl_tree.c:29:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/argyll-2.0.1+repack/yajl/yajl_tree.c:29:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/argyll-2.0.1+repack/yajl/yajl_tree.c:55:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ((ctx)->errbuf, (ctx)->errbuf_size, param); \
data/argyll-2.0.1+repack/yajl/yajl_tree.c:61:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ((ctx)->errbuf, (ctx)->errbuf_size, param1, param2); \
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:127:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)(size_t)&i);
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:85:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(A) srand(A)
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:85:33: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(A) srand(A)
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:86:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() rand()
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:98:9: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
#define chroot(A) _chdir(A)
data/argyll-2.0.1+repack/ccast/ccast.c:415:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p->forcedef || getenv("ARGYLL_CCAST_DEFAULT_RECEIVER") != NULL)
data/argyll-2.0.1+repack/icc/icc.c:19732:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_CREATE_WRONG_VON_KRIES_OUTPUT_CLASS_REL_WP") != NULL)
data/argyll-2.0.1+repack/icc/icc.c:19746:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_CREATE_DISPLAY_PROFILE_WITH_CHAD") != NULL)
data/argyll-2.0.1+repack/icc/icc.c:19754:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_CREATE_OUTPUT_PROFILE_WITH_CHAD") != NULL)
data/argyll-2.0.1+repack/imdi/imdi_make.c:390:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
machtype = getenv("MACHTYPE");
data/argyll-2.0.1+repack/jcnf/jcnf.c:885:6: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if (tmpnam(tname) == NULL) {
data/argyll-2.0.1+repack/numlib/numsup.c:137:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cp = getenv("PATH");
data/argyll-2.0.1+repack/numlib/numsup.c:158:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(b1, b2)) {
data/argyll-2.0.1+repack/numlib/numsup.c:221:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((ev = getenv("ARGYLL_NOT_INTERACTIVE")) != NULL) {
data/argyll-2.0.1+repack/numlib/numsup.c:340:6: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&log->lock); \
data/argyll-2.0.1+repack/numlib/numsup.c:341:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&log->lock); \
data/argyll-2.0.1+repack/numlib/numsup.c:344:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&log->lock); \
data/argyll-2.0.1+repack/plot/vrml.c:1309:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((ev = getenv("ARGYLL_3D_DISP_FORMAT")) != NULL) {
data/argyll-2.0.1+repack/profile/profout.c:2792:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
generate random pcs value
data/argyll-2.0.1+repack/render/render.c:357:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_CCAST_TEST_PATTERN") != NULL) {
data/argyll-2.0.1+repack/rspl/rev.c:9983:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_UNTWIST_GAMUT_SURFACE") != NULL)
data/argyll-2.0.1+repack/rspl/rev.c:12215:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((ev = getenv("ARGYLL_REV_ACC_GRID_RES_MULT")) != NULL) {
data/argyll-2.0.1+repack/rspl/rev.c:12300:43: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
GetProcAddress(LoadLibrary("KERNEL32"), "GlobalMemoryStatusEx");
data/argyll-2.0.1+repack/rspl/rev.c:12419:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((ev = getenv("ARGYLL_REV_CACHE_MULT")) != NULL) {
data/argyll-2.0.1+repack/spectro/ccwin.c:627:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_CCAST_TEST_PATTERN") != NULL) {
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1020:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dn = getenv("DISPLAY")) != NULL) {
data/argyll-2.0.1+repack/spectro/chartread.c:2494:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((na = getenv("ARGYLL_COLMTER_CAL_SPEC_SET")) != NULL) {
data/argyll-2.0.1+repack/spectro/chartread.c:2497:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((na = getenv("ARGYLL_COLMTER_COR_MATRIX")) != NULL) {
data/argyll-2.0.1+repack/spectro/conv.c:311:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(lock);
data/argyll-2.0.1+repack/spectro/conv.c:440:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return getenv("HOME");
data/argyll-2.0.1+repack/spectro/conv.c:864:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((uids = getenv("SUDO_UID")) != NULL) { /* And we sudo's to get it */
data/argyll-2.0.1+repack/spectro/conv.c:876:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return getenv("HOME");
data/argyll-2.0.1+repack/spectro/conv.h:89:28: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
# define amutex_init(lock) InitializeCriticalSection(&(lock))
data/argyll-2.0.1+repack/spectro/conv.h:91:28: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
# define amutex_lock(lock) EnterCriticalSection(&(lock))
data/argyll-2.0.1+repack/spectro/conv.h:101:27: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(lock)))
data/argyll-2.0.1+repack/spectro/dispcal.c:2281:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dn = getenv("DISPLAY")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispcal.c:2297:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((na = getenv("ARGYLL_COLMTER_CAL_SPEC_SET")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispcal.c:2300:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((na = getenv("ARGYLL_COLMTER_COR_MATRIX")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispread.c:640:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dn = getenv("DISPLAY")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispread.c:656:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((na = getenv("ARGYLL_COLMTER_CAL_SPEC_SET")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispread.c:659:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((na = getenv("ARGYLL_COLMTER_COR_MATRIX")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:273:82: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
pEnumDisplayDevices = (BOOL (WINAPI*)(PVOID,DWORD,PVOID,DWORD)) GetProcAddress(LoadLibrary("USER32"), "EnumDisplayDevicesA");
data/argyll-2.0.1+repack/spectro/dispwin.c:279:117: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
pWcsAssociateColorProfileWithDevice = (BOOL (WINAPI*)(WCS_PROFILE_MANAGEMENT_SCOPE,PCWSTR,PCWSTR)) GetProcAddress(LoadLibrary("mscms"), "WcsAssociateColorProfileWithDevice");
data/argyll-2.0.1+repack/spectro/dispwin.c:280:120: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
pWcsDisassociateColorProfileFromDevice = (BOOL (WINAPI*)(WCS_PROFILE_MANAGEMENT_SCOPE,PCWSTR,PCWSTR)) GetProcAddress(LoadLibrary("mscms"), "WcsDisassociateColorProfileFromDevice");
data/argyll-2.0.1+repack/spectro/dispwin.c:590:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dname = getenv("DISPLAY")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:615:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_IGNORE_XRANDR1_2") == NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:1004:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_IGNORE_XINERAMA") == NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:2538:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_USE_COLORD") != NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:2697:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((uids = getenv("SUDO_UID")) != NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:2698:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (gids = getenv("SUDO_GID")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2709:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SUDO_UID") != NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:2710:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& getenv("SUDO_GID") != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:3040:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((uids = getenv("SUDO_UID")) != NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:3041:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (gids = getenv("SUDO_GID")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:3051:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SUDO_UID") != NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:3052:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& getenv("SUDO_GID") != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:4691:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("ARGYLL_MIN_DISPLAY_UPDATE_DELAY_MS")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:4702:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("ARGYLL_DISPLAY_SETTLE_TIME_MULT")) != NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:5883:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("ARGYLL_IGNORE_XRANDR1_2") == NULL
data/argyll-2.0.1+repack/spectro/dispwin.c:6476:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((dn = getenv("DISPLAY")) != NULL) {
data/argyll-2.0.1+repack/spectro/dtp20.c:362:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_XCALSTD")) != NULL) {
data/argyll-2.0.1+repack/spectro/dtp22.c:304:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_XCALSTD")) != NULL) {
data/argyll-2.0.1+repack/spectro/dtp41.c:335:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_XCALSTD")) != NULL) {
data/argyll-2.0.1+repack/spectro/hidio.c:131:37: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
GetProcAddress(LoadLibrary("HID"), "HidD_GetHidGuid");
data/argyll-2.0.1+repack/spectro/hidio.c:133:40: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
GetProcAddress(LoadLibrary("HID"), "HidD_GetAttributes");
data/argyll-2.0.1+repack/spectro/i1d3.c:1467:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("I1D3_MIN_REF_QUANT_TIME")) != NULL)
data/argyll-2.0.1+repack/spectro/i1d3.c:2764:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("I1D3_MIN_INT_TIME")) != NULL)
data/argyll-2.0.1+repack/spectro/i1d3.c:3026:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("I1D3_MIN_INT_TIME")) != NULL)
data/argyll-2.0.1+repack/spectro/i1d3.c:3292:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("I1D3_MIN_REF_QUANT_TIME")) != NULL)
data/argyll-2.0.1+repack/spectro/i1d3.c:3898:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("I1D3_MIN_INT_TIME")) != NULL)
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:468:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_XCALSTD")) != NULL) {
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:480:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& getenv("ARGYLL_DISABLE_I1PRO2_DRIVER") != NULL /* Disabled by environment */
data/argyll-2.0.1+repack/spectro/icoms.c:533:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_EXCLUDE_SERIAL_SCAN")) != NULL) {
data/argyll-2.0.1+repack/spectro/mongoose.c:173:22: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define flockfile(x) EnterCriticalSection(&global_log_file_lock)
data/argyll-2.0.1+repack/spectro/mongoose.c:3111:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("PATH")) != NULL)
data/argyll-2.0.1+repack/spectro/mongoose.c:3119:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("COMSPEC")) != NULL) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3122:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("SYSTEMROOT")) != NULL) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3125:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("SystemDrive")) != NULL) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3129:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("LD_LIBRARY_PATH")) != NULL)
data/argyll-2.0.1+repack/spectro/mongoose.c:3133:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("PERLLIB")) != NULL)
data/argyll-2.0.1+repack/spectro/mongoose.c:4872:3: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&global_log_file_lock);
data/argyll-2.0.1+repack/spectro/munki_imp.c:495:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_XCALSTD")) != NULL) {
data/argyll-2.0.1+repack/spectro/oemarch.c:669:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((usr = getenv("SUDO_USER")) == NULL) {
data/argyll-2.0.1+repack/spectro/oemarch.c:670:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((usr = getenv("USER")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:752:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((pf = getenv("PROGRAMFILES")) != NULL)
data/argyll-2.0.1+repack/spectro/spotread.c:911:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((na = getenv("ARGYLL_COLMTER_CAL_SPEC_SET")) != NULL) {
data/argyll-2.0.1+repack/spectro/spotread.c:914:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((na = getenv("ARGYLL_COLMTER_COR_MATRIX")) != NULL) {
data/argyll-2.0.1+repack/spectro/spotread.c:1677:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((cp = getenv("I1D3_MIN_INT_TIME")) != NULL) {
data/argyll-2.0.1+repack/spectro/ss.c:446:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((envv = getenv("ARGYLL_XCALSTD")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:315:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((xdg = getenv("XDG_DATA_HOME")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:322:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (login_HOME() == NULL && (xdg = getenv("APPDATA")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:332:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (home = getenv("APPDATA")) == NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:363:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((xdg = getenv("XDG_CONFIG_HOME")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:370:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (login_HOME() == NULL && (xdg = getenv("APPDATA")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:380:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (home = getenv("APPDATA")) == NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:411:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((xdg = getenv("XDG_CACHE_HOME")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:418:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (login_HOME() == NULL && (xdg = getenv("APPDATA")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:433:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (home = getenv("APPDATA")) == NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:470:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((xdg = getenv("XDG_DATA_DIRS")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:485:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((home = getenv("ALLUSERSPROFILE")) == NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:507:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((xdg = getenv("XDG_CONFIG_DIRS")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:516:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((home = getenv("ALLUSERSPROFILE")) == NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:749:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((uids = getenv("SUDO_UID")) != NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:750:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& (gids = getenv("SUDO_GID")) != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:761:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("SUDO_UID") != NULL
data/argyll-2.0.1+repack/spectro/xdg_bds.c:762:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
&& getenv("SUDO_GID") != NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:970:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((xval = getenv(env)) != NULL) /* Save value before mods */
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:156:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char Rcon[30]=
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->iv, iv, 16);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:277:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, ctx->iv, AES_IV_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:285:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_32, msg, AES_BLOCKSIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:299:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, out_32, AES_BLOCKSIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:305:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->iv, iv, AES_IV_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, ctx->iv, AES_IV_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:324:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg_32, msg, AES_BLOCKSIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:342:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, out_32, AES_BLOCKSIZE);
data/argyll-2.0.1+repack/ccast/axTLS/aes.c:348:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->iv, iv, AES_IV_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/asn1.c:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*object, &buf[*offset], len);
data/argyll-2.0.1+repack/ccast/axTLS/asn1.c:351:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*str, &buf[*offset], len);
data/argyll-2.0.1+repack/ccast/axTLS/asn1.c:459:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x509_ctx->signature, &cert[*offset], x509_ctx->sig_len);
data/argyll-2.0.1+repack/ccast/axTLS/bigint.c:265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(biR->comps, bi->comps, bi->size*COMP_BYTE_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/bigint.c:436:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_u->comps, &u->comps[u->size-n-1-j], (n+1)*COMP_BYTE_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/bigint.c:488:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u->comps[u->size-n-1-j], tmp_u->comps, (n+1)*COMP_BYTE_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/crypto.h:134:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cksum[16]; /* checksum of the data block */
data/argyll-2.0.1+repack/ccast/axTLS/crypto.h:135:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char state[48]; /* intermediate digest state */
data/argyll-2.0.1+repack/ccast/axTLS/crypto.h:136:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[16]; /* data block being processed */
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:71:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *stream = fopen(filename, "rb");
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entropy_pool, &i, ENTROPY_POOL_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:190:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rand_data, entropy_pool, num_rand_bytes < ENTROPY_POOL_SIZE ?
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:199:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entropy_pool, digest, MD5_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[80];
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.h:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ca_cert_dn[X509_NUM_DN_TYPES];
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.h:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cert_dn[X509_NUM_DN_TYPES];
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:104:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], ser_oid , sizeof(ser_oid));
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], sig_oid, sizeof(sig_oid));
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[128];
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], time_seq, sizeof(time_seq));
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], block, pub_key_size);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:240:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], pub_key_seq, sizeof(pub_key_seq));
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:270:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], rsa_enc_oid, sizeof(rsa_enc_oid));
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:291:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, asn1_sig, sizeof(asn1_sig));
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:292:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block[sizeof(asn1_sig)], sha_dgst, SHA1_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:300:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[*offset], enc_block, sig_size);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:360:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cert_data, buf, offset);
data/argyll-2.0.1+repack/ccast/axTLS/hmac.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_ipad, key, key_len);
data/argyll-2.0.1+repack/ccast/axTLS/hmac.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_opad, key, key_len);
data/argyll-2.0.1+repack/ccast/axTLS/hmac.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_ipad, key, key_len);
data/argyll-2.0.1+repack/ccast/axTLS/hmac.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_opad, key, key_len);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl_obj->buf, data, len);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:185:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const begins[NUM_PEM_TYPES] =
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:193:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const ends[NUM_PEM_TYPES] =
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:201:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const aes_str[2] =
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:231:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((start = strstr((const char *)where, aes_str[0]))) /* AES128? */
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:235:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else if ((start = strstr((const char *)where, aes_str[1]))) /* AES256? */
data/argyll-2.0.1+repack/ccast/axTLS/md2.c:127:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer + ctx->left, input, fill);
data/argyll-2.0.1+repack/ccast/axTLS/md2.c:156:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, ctx->cksum, 16);
data/argyll-2.0.1+repack/ccast/axTLS/md2.c:159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, ctx->state, 16);
data/argyll-2.0.1+repack/ccast/axTLS/md5.c:139:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[x], msg, partLen);
data/argyll-2.0.1+repack/ccast/axTLS/md5.c:151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->buffer[x], &msg[i], len-i);
data/argyll-2.0.1+repack/ccast/axTLS/openssl.c:143:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, read_buf, ret > num ? num : ret);
data/argyll-2.0.1+repack/ccast/axTLS/openssl.c:200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session_id, (uint8_t *)session, SSL_SESSION_ID_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/openssl.c:245:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ssl->bm_data, num);
data/argyll-2.0.1+repack/ccast/axTLS/openssl.c:313:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen("/dev/null", "r");
data/argyll-2.0.1+repack/ccast/axTLS/os_port.c:141:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((x = open(pathname, flags)) < 0)
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:75:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#undef open
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:89:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open(A,B) _open(A,B)
data/argyll-2.0.1+repack/ccast/axTLS/p12.c:224:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(priv_key, Ai, SHA1_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/p12.c:288:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auth_safes, &buf[auth_safes_start], auth_safes_len);
data/argyll-2.0.1+repack/ccast/axTLS/rsa.c:184:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data, &block[i], size);
data/argyll-2.0.1+repack/ccast/axTLS/rsa.c:226:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data, &block[i], size);
data/argyll-2.0.1+repack/ccast/axTLS/rsa.c:301:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out_data[3+num_pads_needed], in_data, in_len);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:402:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl_cert->buf, buf, len);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:689:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_buf, (mode == SSL_SERVER_WRITE || mode == SSL_CLIENT_WRITE) ?
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t_buf[8], hmac_header, SSL_RECORD_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:692:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t_buf[8+SSL_RECORD_SIZE], buf, buf_len);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:802:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a1[MD5_SIZE], seed, seed_len);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:813:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1, a2, MD5_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:830:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&a1[SHA1_SIZE], seed, seed_len);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:841:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1, a2, SHA1_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:878:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)buf, "master secret");
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:879:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[13], ssl->dc->client_random, SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:880:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[45], ssl->dc->server_random, SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:892:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)buf, "key expansion");
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:893:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[13], server_random, SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:894:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[45], client_random, SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:928:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, mac_buf, MD5_SIZE + SHA1_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1066:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->bm_data, in, length);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1122:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_buf + iv_size, ssl->bm_data, msg_length);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1125:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->bm_data, t_buf, msg_length);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1187:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->client_mac, q, ciph_info->digest_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->server_mac, q, ciph_info->digest_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1198:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client_key, q, ciph_info->key_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(server_key, q, ciph_info->key_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1206:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client_iv, q, ciph_info->iv_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1208:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(server_iv, q, ciph_info->iv_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1314:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->hmac_rheader, buf, 3); /* store for hmac */
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1492:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->hmac_header, buf, 3); /* store for hmac */
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1682:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session->master_secret,
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1814:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[offset], cert->buf, cert->size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:1897:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->dc->master_secret,
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:2106:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:2137:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "SSL Alert %d", -error_code);
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:2186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"undefined - %d", error_code);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c:64:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session_id, session_id, sess_id_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c:193:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c:200:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[offset], ssl->session_id, ssl->sess_id_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c:254:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c:268:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session->session_id, &buf[offset], sess_id_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_clnt.c:278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session_id, &buf[offset], sess_id_size);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->dc->client_random, &buf[6], SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:245:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ssl->dc->client_random[random_offset], &buf[offset], ch_len);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:315:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->dc->server_random, &buf[6], SSL_RANDOM_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:323:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[offset], ssl->session->session_id, SSL_SESSION_ID_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:324:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session_id, ssl->session->session_id, SSL_SESSION_ID_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:334:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session_id, &buf[offset], SSL_SESSION_ID_SIZE);
data/argyll-2.0.1+repack/ccast/axTLS/tls1_svr.c:340:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssl->session->session_id,
data/argyll-2.0.1+repack/ccast/axTLS/x509.c:184:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x509_ctx->subject_alt_dnsnames[totalnames],
data/argyll-2.0.1+repack/ccast/ccast.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/argyll-2.0.1+repack/ccast/ccast.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/argyll-2.0.1+repack/ccast/ccast.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesbuf[1024];
data/argyll-2.0.1+repack/ccast/ccast.c:393:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int load_ccast(ccast *p, char *url, unsigned char *ibuf, size_t ilen,
data/argyll-2.0.1+repack/ccast/ccast.c:393:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int load_ccast(ccast *p, char *url, unsigned char *ibuf, size_t ilen,
data/argyll-2.0.1+repack/ccast/ccast.c:404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesbuf[1024];
data/argyll-2.0.1+repack/ccast/ccast.c:691:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, mesbuf[1024];
data/argyll-2.0.1+repack/ccast/ccast.c:698:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesbuf,
data/argyll-2.0.1+repack/ccast/ccast.c:705:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesbuf,
data/argyll-2.0.1+repack/ccast/ccast.c:712:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mesbuf,
data/argyll-2.0.1+repack/ccast/ccast.c:743:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "{ \"requestId\": %d, \"type\": \"LOAD\", \"media\": "
data/argyll-2.0.1+repack/ccast/ccast.c:748:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "|rgb(%d, %d, %d)|%f|%f|%f|%f\","
data/argyll-2.0.1+repack/ccast/ccast.c:791:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "{ ");
data/argyll-2.0.1+repack/ccast/ccast.c:792:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"requestId\": %d,",reqid);
data/argyll-2.0.1+repack/ccast/ccast.c:793:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"foreground\": { ");
data/argyll-2.0.1+repack/ccast/ccast.c:794:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"contentType\": \"image/png\",");
data/argyll-2.0.1+repack/ccast/ccast.c:795:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"encoding\": \"base64\",");
data/argyll-2.0.1+repack/ccast/ccast.c:796:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"data\": \"");
data/argyll-2.0.1+repack/ccast/ccast.c:803:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\",");
data/argyll-2.0.1+repack/ccast/ccast.c:804:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"size\": %lu",(unsigned long)EBASE64LEN(ilen));
data/argyll-2.0.1+repack/ccast/ccast.c:805:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, " },");
data/argyll-2.0.1+repack/ccast/ccast.c:807:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"background\": \"rgb(%d, %d, %d)\",",
data/argyll-2.0.1+repack/ccast/ccast.c:812:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"offset\": [%f, %f],",x,y);
data/argyll-2.0.1+repack/ccast/ccast.c:813:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"scale\": [%f, %f]",w,h);
data/argyll-2.0.1+repack/ccast/ccast.c:814:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, " }");
data/argyll-2.0.1+repack/ccast/ccast.c:845:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "{ ");
data/argyll-2.0.1+repack/ccast/ccast.c:846:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"requestId\": %d,",reqid);
data/argyll-2.0.1+repack/ccast/ccast.c:847:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\"foreground\": \"");
data/argyll-2.0.1+repack/ccast/ccast.c:856:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cp += sprintf(cp, "\" }");
data/argyll-2.0.1+repack/ccast/ccast.h:39:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*load)(struct _ccast *p, char *url, unsigned char *data, size_t dlen,
data/argyll-2.0.1+repack/ccast/ccast.h:39:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*load)(struct _ccast *p, char *url, unsigned char *data, size_t dlen,
data/argyll-2.0.1+repack/ccast/ccmdns.c:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuf[40], *p = sbuf;
data/argyll-2.0.1+repack/ccast/ccmdns.c:189:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%x", buf[i * 2 + 1] * 256 + buf[i * 2 + 0]);
data/argyll-2.0.1+repack/ccast/ccmdns.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + off, s, len);
data/argyll-2.0.1+repack/ccast/ccmdns.c:717:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*rv, buf + off, len);
data/argyll-2.0.1+repack/ccast/ccmdns.c:923:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ss, buf + off, slen);
data/argyll-2.0.1+repack/ccast/ccmdns.c:939:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
caflags = atoi(ss + 3);
data/argyll-2.0.1+repack/ccast/ccmdns.c:991:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(*pip, "%d.%d.%d.%d", buf[off], buf[off+1], buf[off+2], buf[off+3]);
data/argyll-2.0.1+repack/ccast/ccmdns.c:1002:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(*pip, "%x:%x:%x:%x:%x:%x:%x:%x",
data/argyll-2.0.1+repack/ccast/ccmes.c:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mes->data, msg->payload_binary.data, msg->payload_binary.len);
data/argyll-2.0.1+repack/ccast/ccmes.c:284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/argyll-2.0.1+repack/ccast/ccpacket.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sbuf+4, buf, len);
data/argyll-2.0.1+repack/ccast/ccpacket.c:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + rlen, ibuf + ioff, clen);
data/argyll-2.0.1+repack/ccast/ccpacket.c:461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + rlen, ibuf + ioff, clen);
data/argyll-2.0.1+repack/ccast/ccpacket.c:514:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf + rlen, ibuf + ioff, clen);
data/argyll-2.0.1+repack/ccast/cctest.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/argyll-2.0.1+repack/ccast/cctest.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/argyll-2.0.1+repack/ccast/cctest.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesbuf[1024];
data/argyll-2.0.1+repack/ccast/cctest.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/argyll-2.0.1+repack/ccast/cctest.c:238:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mesbuf, "{ \"requestId\": 2, \"type\": \"LOAD\", \"media\": "
data/argyll-2.0.1+repack/ccast/cctest.c:271:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mesbuf, "{ \"requestId\": 4, \"type\": \"LOAD\", \"media\": { \"contentId\": \"http://www.argyllcms.com/testing.png\",\"streamType\": \"LIVE\",\"contentType\": \"image/png\" } }");
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data, simp->data, simp->len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:215:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(simp->data + simp->len, data, len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:566:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
size_t len = strlen(((char **) array)[i]);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:805:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &value, 4);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:836:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &value, 8);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:888:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + rv, str, len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:909:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + rv, bd->data, len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:1112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, n * 4);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:1135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, n * 8);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:1296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + rv, field->data, field->len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:1945:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_field, *p_earlier,
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:1947:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_field +
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2041:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(latter_elem, earlier_elem, el_size);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, data, 4);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, data, 8);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2294:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pstr, data + pref_len, len - pref_len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2317:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bd->data, data + pref_len, len - pref_len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2529:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array, at, count * siz);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2562:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ufield->data, scanned_member->data, ufield->len);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2622:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, dv, 4);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2630:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, dv, 8);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2633:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, dv, sizeof(protobuf_c_boolean));
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2636:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, dv, sizeof(ProtobufCBinaryData));
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2708:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char required_fields_bitmap_stack[16];
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:2998:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
do_free(allocator, ((char **) arr)[i]);
data/argyll-2.0.1+repack/cgats/cgats.c:592:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
expsets = atoi(tp);
data/argyll-2.0.1+repack/cgats/cgats.c:729:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iv = atoi((char *)ct->rfdata[j][i]);
data/argyll-2.0.1+repack/cgats/cgats.c:1336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcs[100];
data/argyll-2.0.1+repack/cgats/cgats.c:1551:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[30];
data/argyll-2.0.1+repack/cgats/cgats.c:1932:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%%d.%df",tot,tot-2);
data/argyll-2.0.1+repack/cgats/cgats.c:1936:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%f");
data/argyll-2.0.1+repack/cgats/cgats.c:1947:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%%d.%de",xtot,tot-2);
data/argyll-2.0.1+repack/cgats/cgats.c:1950:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%%d.%df",xtot-ndigs,nsd-ndigs);
data/argyll-2.0.1+repack/cgats/cgats.c:1956:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%%d.%de",xtot,tot-2);
data/argyll-2.0.1+repack/cgats/cgats.c:1959:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt,"%%%d.%df",xtot,(nsd + thr)-ndigs);
data/argyll-2.0.1+repack/cgats/cgats.c:2060:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[30];
data/argyll-2.0.1+repack/cgats/cgats.h:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[CGATS_ERRM_LENGTH]; /* Error message */
data/argyll-2.0.1+repack/cgats/cgats.h:163:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ferr[CGATS_ERRM_LENGTH]; /* First error message */
data/argyll-2.0.1+repack/cgats/pars.c:487:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"parse.read_line(), realloc failed!");
data/argyll-2.0.1+repack/cgats/pars.c:571:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"parse.get_token(), realloc failed!");
data/argyll-2.0.1+repack/cgats/pars.h:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delf[256]; /* Parsing delimiter flags */
data/argyll-2.0.1+repack/cgats/pars.h:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[200]; /* Error message */
data/argyll-2.0.1+repack/cgats/parsstd.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[50];
data/argyll-2.0.1+repack/cgats/parsstd.c:401:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name, nmode)) == NULL)
data/argyll-2.0.1+repack/gamut/GenRMGam.c:739:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1]; /* VRML output file */
data/argyll-2.0.1+repack/gamut/GenRMGam.c:750:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(out_name, "RefMediumGamut.gam");
data/argyll-2.0.1+repack/gamut/GenVisGam.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100]; /* VRML output file */
data/argyll-2.0.1+repack/gamut/GenVisGam.c:104:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(out_name, "VisGamut.gam");
data/argyll-2.0.1+repack/gamut/fakegam.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, out_name[500];
data/argyll-2.0.1+repack/gamut/fakegam.c:193:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(na);
data/argyll-2.0.1+repack/gamut/fakegam.c:215:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/fakegam.c:313:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".wrl");
data/argyll-2.0.1+repack/gamut/gammap.c:2027:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/gamut/gammap.c:2028:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/argyll-2.0.1+repack/gamut/gammap.c:2049:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fnames[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/gamut/gamut.c:160:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int write_trans_vrml(gamut *s, char *filename, int doaxes, int docusps,
data/argyll-2.0.1+repack/gamut/gamut.c:4999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isect[20] = "isect";
data/argyll-2.0.1+repack/gamut/gamut.c:5000:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isect2[20] = "isect2";
data/argyll-2.0.1+repack/gamut/gamut.c:6209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/gamut/gamut.c:6236:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", s->cent[0], s->cent[1], s->cent[2]);
data/argyll-2.0.1+repack/gamut/gamut.c:6244:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", s->cs_wp[0], s->cs_wp[1], s->cs_wp[2]);
data/argyll-2.0.1+repack/gamut/gamut.c:6247:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", s->ga_wp[0], s->ga_wp[1], s->ga_wp[2]);
data/argyll-2.0.1+repack/gamut/gamut.c:6250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", s->cs_bp[0], s->cs_bp[1], s->cs_bp[2]);
data/argyll-2.0.1+repack/gamut/gamut.c:6253:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", s->ga_bp[0], s->ga_bp[1], s->ga_bp[2]);
data/argyll-2.0.1+repack/gamut/gamut.c:6259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[50], buf2[100];
data/argyll-2.0.1+repack/gamut/gamut.c:6260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnames[6] = { "RED", "YELLOW", "GREEN", "CYAN", "BLUE", "MAGENTA" };
data/argyll-2.0.1+repack/gamut/gamut.c:6264:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2,"%f %f %f", s->cusps[i][0], s->cusps[i][1], s->cusps[i][2]);
data/argyll-2.0.1+repack/gamut/gamut.c:6411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[50];
data/argyll-2.0.1+repack/gamut/gamut.c:6412:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnames[6] = { "RED", "YELLOW", "GREEN", "CYAN", "BLUE", "MAGENTA" };
data/argyll-2.0.1+repack/gamut/maptest.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/gamut/maptest.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char img_name[MAXNAMEL+1] = "";
data/argyll-2.0.1+repack/gamut/maptest.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/gamut/maptest.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_name[100];
data/argyll-2.0.1+repack/gamut/maptest.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gammapwrl[30] = "gammap"; /* Diagnostic file name */
data/argyll-2.0.1+repack/gamut/maptest.c:131:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/maptest.c:146:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/maptest.c:162:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/maptest.c:235:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/nearsmth.c:1894:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_gam_name[40] = "si_gam";
data/argyll-2.0.1+repack/gamut/nearsmth.c:1901:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(src_gam_name, "src_gam");
data/argyll-2.0.1+repack/gamut/nearsmth.c:1956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_gam_name[30] = "dst_gam";
data/argyll-2.0.1+repack/gamut/nearsmth.c:1962:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst_gam_name, "nedst_gam");
data/argyll-2.0.1+repack/gamut/nearsmth.c:3727:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/gamut/nearsmth.c:3728:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i);
data/argyll-2.0.1+repack/gamut/smthtest.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/gamut/smthtest.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/gamut/smthtest.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_name[100];
data/argyll-2.0.1+repack/gamut/smthtest.c:186:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/smthtest.c:199:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/gamut/surftest.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/gamut/surftest.c:117:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntpoints = atoi(na);
data/argyll-2.0.1+repack/gamut/surftest.c:126:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(argv[fa]);
data/argyll-2.0.1+repack/gamut/surftest.c:128:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(out_name,"surftest.wrl");
data/argyll-2.0.1+repack/gamut/viewgam.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/gamut/viewgam.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1+10];
data/argyll-2.0.1+repack/gamut/viewgam.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iout_name[MAXNAMEL+1] = "\000";;
data/argyll-2.0.1+repack/gamut/viewgam.c:458:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[50];
data/argyll-2.0.1+repack/gamut/viewgam.c:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cnames[6] = { "RED", "YELLOW", "GREEN", "CYAN", "BLUE", "MAGENTA" };
data/argyll-2.0.1+repack/icc/icc.c:1000:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][20]; /* String buffers */
data/argyll-2.0.1+repack/icc/icc.c:1002:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/argyll-2.0.1+repack/icc/icc.c:1016:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp,"0x%x",tag);
data/argyll-2.0.1+repack/icc/icc.c:1018:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp,"'%c%c%c%c'",c[0],c[1],c[2],c[3]);
data/argyll-2.0.1+repack/icc/icc.c:1283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][80]; /* String buffers */
data/argyll-2.0.1+repack/icc/icc.c:1290:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Default Screen");
data/argyll-2.0.1+repack/icc/icc.c:1292:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"No Default Screen");
data/argyll-2.0.1+repack/icc/icc.c:1296:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Lines Per Inch");
data/argyll-2.0.1+repack/icc/icc.c:1298:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Lines Per cm");
data/argyll-2.0.1+repack/icc/icc.c:1308:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][80]; /* String buffers */
data/argyll-2.0.1+repack/icc/icc.c:1315:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Transparency");
data/argyll-2.0.1+repack/icc/icc.c:1317:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Reflective");
data/argyll-2.0.1+repack/icc/icc.c:1321:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Matte");
data/argyll-2.0.1+repack/icc/icc.c:1323:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Glossy");
data/argyll-2.0.1+repack/icc/icc.c:1327:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Negative");
data/argyll-2.0.1+repack/icc/icc.c:1329:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Positive");
data/argyll-2.0.1+repack/icc/icc.c:1333:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", BlackAndWhite");
data/argyll-2.0.1+repack/icc/icc.c:1335:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Color");
data/argyll-2.0.1+repack/icc/icc.c:1345:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][80]; /* String buffers */
data/argyll-2.0.1+repack/icc/icc.c:1352:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Embedded Profile");
data/argyll-2.0.1+repack/icc/icc.c:1354:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Not Embedded Profile");
data/argyll-2.0.1+repack/icc/icc.c:1358:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Use with embedded data only");
data/argyll-2.0.1+repack/icc/icc.c:1360:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,", Use anywhere");
data/argyll-2.0.1+repack/icc/icc.c:1370:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][80]; /* String buffers */
data/argyll-2.0.1+repack/icc/icc.c:1377:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Binary");
data/argyll-2.0.1+repack/icc/icc.c:1379:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp,"Ascii");
data/argyll-2.0.1+repack/icc/icc.c:1393:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1498:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1552:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1610:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1706:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1730:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1752:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/argyll-2.0.1+repack/icc/icc.c:1761:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - 0x%x",sig);
data/argyll-2.0.1+repack/icc/icc.c:1768:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/argyll-2.0.1+repack/icc/icc.c:1785:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - 0x%x",sig);
data/argyll-2.0.1+repack/icc/icc.c:1792:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/argyll-2.0.1+repack/icc/icc.c:1803:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - 0x%x",sig);
data/argyll-2.0.1+repack/icc/icc.c:1811:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/argyll-2.0.1+repack/icc/icc.c:1830:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - 0x%x",sig);
data/argyll-2.0.1+repack/icc/icc.c:1837:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/argyll-2.0.1+repack/icc/icc.c:1846:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - 0x%x",sig);
data/argyll-2.0.1+repack/icc/icc.c:1853:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[30];
data/argyll-2.0.1+repack/icc/icc.c:1874:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - 0x%x",sig);
data/argyll-2.0.1+repack/icc/icc.c:1881:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:1895:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unrecognized - %d",alg);
data/argyll-2.0.1+repack/icc/icc.c:1973:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:1979:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:1987:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:2024:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2028:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2035:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:2045:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_write: write_UInt8umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:2054:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:2134:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2141:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUnknown_alloc: malloc() of icmUnknown data failed");
data/argyll-2.0.1+repack/icc/icc.c:2209:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:2215:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2223:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:2237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_read: Wrong tag type for icmUInt8Array");
data/argyll-2.0.1+repack/icc/icc.c:2264:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2268:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2275:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:2285:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_write: write_UInt8umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:2294:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:2330:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2337:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt8Array_alloc: malloc() of icmUInt8Array data failed");
data/argyll-2.0.1+repack/icc/icc.c:2404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:2410:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2418:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:2431:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_read: Wrong tag type for icmUInt16Array");
data/argyll-2.0.1+repack/icc/icc.c:2459:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2463:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2470:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:2480:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_write: write_UInt16umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:2489:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:2525:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_alloc:: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2532:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt16Array_alloc: malloc() of icmUInt16Array data failed");
data/argyll-2.0.1+repack/icc/icc.c:2599:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:2605:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2613:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:2626:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_read: Wrong tag type for icmUInt32Array");
data/argyll-2.0.1+repack/icc/icc.c:2654:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2658:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2665:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:2675:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_write: write_UInt32umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:2684:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:2720:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2727:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt32Array_alloc: malloc() of icmUInt32Array data failed");
data/argyll-2.0.1+repack/icc/icc.c:2794:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:2800:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2808:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:2821:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_read: Wrong tag type for icmUInt64Array");
data/argyll-2.0.1+repack/icc/icc.c:2849:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2853:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:2860:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:2870:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_write: write_UInt64umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:2879:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:2915:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:2922:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUInt64Array_alloc: malloc() of icmUInt64Array data failed");
data/argyll-2.0.1+repack/icc/icc.c:2989:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:2995:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3003:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:3016:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_read: Wrong tag type for icmU16Fixed16Array");
data/argyll-2.0.1+repack/icc/icc.c:3044:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3048:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3055:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:3065:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_write: write_U16Fixed16umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:3074:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:3110:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3116:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmU16Fixed16Array_alloc: malloc() of icmU16Fixed16Array data failed");
data/argyll-2.0.1+repack/icc/icc.c:3183:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:3189:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3197:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:3210:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_read: Wrong tag type for icmS15Fixed16Array");
data/argyll-2.0.1+repack/icc/icc.c:3238:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3242:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3249:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:3259:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_write: write_S15Fixed16umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:3268:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:3304:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3310:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmS15Fixed16Array_alloc: malloc() of icmS15Fixed16Array data failed");
data/argyll-2.0.1+repack/icc/icc.c:3374:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40];
data/argyll-2.0.1+repack/icc/icc.c:3376:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.8f, %.8f, %.8f", p->X, p->Y, p->Z);
data/argyll-2.0.1+repack/icc/icc.c:3383:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/argyll-2.0.1+repack/icc/icc.c:3419:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:3425:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3433:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:3446:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_read: Wrong tag type for icmXYZArray");
data/argyll-2.0.1+repack/icc/icc.c:3474:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3478:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:3495:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_write: write_XYZumber() failed");
data/argyll-2.0.1+repack/icc/icc.c:3504:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:3542:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3548:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmXYZArray_alloc: malloc() of icmXYZArray data failed");
data/argyll-2.0.1+repack/icc/icc.c:3821:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_lookup: Malloc failure in reverse lookup init.");
data/argyll-2.0.1+repack/icc/icc.c:3854:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:3860:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3869:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:3876:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: Wrong tag type for icmCurve");
data/argyll-2.0.1+repack/icc/icc.c:3892:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3905:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: Data too short for curve gamma");
data/argyll-2.0.1+repack/icc/icc.c:3914:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_read: Data too short for curve value");
data/argyll-2.0.1+repack/icc/icc.c:3939:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:3943:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:3950:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:3958:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:3967:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: Must be exactly 0 entry for Linear");
data/argyll-2.0.1+repack/icc/icc.c:3973:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: Must be exactly 1 entry for Gamma");
data/argyll-2.0.1+repack/icc/icc.c:3978:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: write_U8Fixed8umber(%.8f) failed",p->data[0]);
data/argyll-2.0.1+repack/icc/icc.c:3984:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: Must be 2 or more entries for Specified curve");
data/argyll-2.0.1+repack/icc/icc.c:3990:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write: write_UInt16umber(%.8f) failed",p->data[i]);
data/argyll-2.0.1+repack/icc/icc.c:4000:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:4042:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_alloc: flag not set");
data/argyll-2.0.1+repack/icc/icc.c:4051:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:4057:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCurve_alloc: malloc() of icmCurve data failed");
data/argyll-2.0.1+repack/icc/icc.c:4131:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:4137:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:4145:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:4153:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: Wrong tag type for icmData");
data/argyll-2.0.1+repack/icc/icc.c:4168:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: Unknown flag value 0x%x",f);
data/argyll-2.0.1+repack/icc/icc.c:4177:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: ACSII is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:4207:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:4211:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:4218:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:4231:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write: Unknown Data Flag value");
data/argyll-2.0.1+repack/icc/icc.c:4237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:4246:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write: ASCII is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:4258:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:4357:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:4363:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_alloc: malloc() of icmData data failed");
data/argyll-2.0.1+repack/icc/icc.c:4430:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_read: Tag too short to be legal");
data/argyll-2.0.1+repack/icc/icc.c:4436:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:4444:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:4452:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_read: Wrong tag type for icmText");
data/argyll-2.0.1+repack/icc/icc.c:4460:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_read: text is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:4489:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:4493:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:4500:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:4509:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_write: text is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:4520:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:4581:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:4587:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmText_alloc: malloc() of icmText data failed");
data/argyll-2.0.1+repack/icc/icc.c:4735:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *mstring[13] = {"Bad", "Jan","Feb","Mar","Apr","May","Jun",
data/argyll-2.0.1+repack/icc/icc.c:4737:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/icc/icc.c:4783:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:4789:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:4797:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:4804:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_read: Wrong tag type for icmDateTimeNumber");
data/argyll-2.0.1+repack/icc/icc.c:4812:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_read: Corrupted DateTime");
data/argyll-2.0.1+repack/icc/icc.c:4834:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:4838:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:4845:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:4854:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_write: write_DateTimeNumber() failed");
data/argyll-2.0.1+repack/icc/icc.c:4862:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDateTimeNumber_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:5063:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_lookup_clut: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:5299:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_lookup_clut: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:5771:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSetMultiLutTables has illegal number of tables %d",ntables);
data/argyll-2.0.1+repack/icc/icc.c:5784:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSetMultiLutTables Tables base icc is different");
data/argyll-2.0.1+repack/icc/icc.c:5788:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSetMultiLutTables Tables have different Tag Type");
data/argyll-2.0.1+repack/icc/icc.c:5793:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSetMultiLutTables Tables have different inputChan");
data/argyll-2.0.1+repack/icc/icc.c:5797:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSetMultiLutTables Tables have different outputChan");
data/argyll-2.0.1+repack/icc/icc.c:5801:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSetMultiLutTables Tables have different clutPoints");
data/argyll-2.0.1+repack/icc/icc.c:5807:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables index to input colorspace function lookup failed");
data/argyll-2.0.1+repack/icc/icc.c:5811:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables input colorspace to table entry function lookup failed");
data/argyll-2.0.1+repack/icc/icc.c:5815:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables table entry to input colorspace function lookup failed");
data/argyll-2.0.1+repack/icc/icc.c:5820:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables output colorspace to table entry function lookup failed");
data/argyll-2.0.1+repack/icc/icc.c:5824:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables table entry to output colorspace function lookup failed");
data/argyll-2.0.1+repack/icc/icc.c:5834:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:5984:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables malloc of cube center array failed");
data/argyll-2.0.1+repack/icc/icc.c:5995:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables malloc of cube center array failed");
data/argyll-2.0.1+repack/icc/icc.c:6019:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6037:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables malloc of vertex smoothing value array failed");
data/argyll-2.0.1+repack/icc/icc.c:6257:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_set_tables malloc of grid copy failed");
data/argyll-2.0.1+repack/icc/icc.c:6272:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clutTable1, pn->clutTable, sizeof(double) * pn->clutTable_size);
data/argyll-2.0.1+repack/icc/icc.c:6484:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:6490:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:6498:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:6506:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: Wrong tag type for icmLut");
data/argyll-2.0.1+repack/icc/icc.c:6513:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:6519:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:6554:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_read: Tag wrong size for contents");
data/argyll-2.0.1+repack/icc/icc.c:6614:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6618:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:6625:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6633:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_UInt8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6638:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_UInt8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6645:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_UInt8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6651:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_UInt8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6663:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6673:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: 8 bit Input and Output tables must be 256 entries");
data/argyll-2.0.1+repack/icc/icc.c:6680:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: 16 bit Input and Output tables must each be less than 4096 entries");
data/argyll-2.0.1+repack/icc/icc.c:6685:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6690:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6702:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: inputTable write_DCS8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6710:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: inputTable write_DCS16Number(%.8f) failed",p->inputTable[i]);
data/argyll-2.0.1+repack/icc/icc.c:6722:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: clutTable write_DCS8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6730:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: clutTable write_DCS16Number(%.8f) failed",p->clutTable[i]);
data/argyll-2.0.1+repack/icc/icc.c:6742:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: outputTable write_DCS8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:6750:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write: outputTable write_DCS16Number(%.8f) failed",p->outputTable[i]);
data/argyll-2.0.1+repack/icc/icc.c:6760:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:6855:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: Can't handle %d input channels\n",p->inputChan);
data/argyll-2.0.1+repack/icc/icc.c:6860:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: Can't handle > %d input channels\n",MAX_CHAN);
data/argyll-2.0.1+repack/icc/icc.c:6865:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: Can't handle > %d output channels\n",MAX_CHAN);
data/argyll-2.0.1+repack/icc/icc.c:6870:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6875:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6881:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: calloc() of Lut inputTable data failed");
data/argyll-2.0.1+repack/icc/icc.c:6887:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6892:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6898:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: calloc() of Lut clutTable data failed");
data/argyll-2.0.1+repack/icc/icc.c:6904:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6909:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:6915:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmLut_alloc: calloc() of Lut outputTable data failed");
data/argyll-2.0.1+repack/icc/icc.c:7044:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:7050:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:7058:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:7065:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_read: Wrong tag type for icmMeasurement");
data/argyll-2.0.1+repack/icc/icc.c:7075:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement: read_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:7106:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:7110:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:7117:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_write, type: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7125:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurementa_write, observer: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7132:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement, backing: write_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:7139:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurementa_write, geometry: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7146:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurementa_write, flare: write_U16Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7153:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurementa_write, illuminant: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7161:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmMeasurement_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:7241:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal_read: Data too short to read");
data/argyll-2.0.1+repack/icc/icc.c:7246:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal_read: Root name string not terminated");
data/argyll-2.0.1+repack/icc/icc.c:7253:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal_read: Data too short to read device coords");
data/argyll-2.0.1+repack/icc/icc.c:7277:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal2_read: Data too short to read");
data/argyll-2.0.1+repack/icc/icc.c:7281:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal2_read: Root name string not terminated");
data/argyll-2.0.1+repack/icc/icc.c:7312:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal_write: Root string names is unterminated");
data/argyll-2.0.1+repack/icc/icc.c:7319:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal_write: write of device coord failed");
data/argyll-2.0.1+repack/icc/icc.c:7338:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal2_write: Root string names is unterminated");
data/argyll-2.0.1+repack/icc/icc.c:7352:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal2_write: Unknown PCS");
data/argyll-2.0.1+repack/icc/icc.c:7356:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal2_write: write of PCS coord failed");
data/argyll-2.0.1+repack/icc/icc.c:7361:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColorVal2_write: write of device coord failed");
data/argyll-2.0.1+repack/icc/icc.c:7414:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:7420:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:7429:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:7437:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Wrong tag type for icmNamedColor");
data/argyll-2.0.1+repack/icc/icc.c:7444:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:7451:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Can't handle more than %d device channels",MAX_CHAN);
data/argyll-2.0.1+repack/icc/icc.c:7458:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:7476:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Data too short to read");
data/argyll-2.0.1+repack/icc/icc.c:7481:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Color prefix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7491:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Data too short to read");
data/argyll-2.0.1+repack/icc/icc.c:7496:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Color suffix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7522:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Can't handle more than %d device channels",MAX_CHAN);
data/argyll-2.0.1+repack/icc/icc.c:7530:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Color prefix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7538:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_read: Color suffix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7576:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:7580:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:7587:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7595:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7602:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7612:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: Color prefix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7621:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: Color sufix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7641:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:7648:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: Color prefix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7656:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write: Color sufix is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:7675:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:7749:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:7755:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmNamedColor_alloc: malloc() of icmNamedColor data failed");
data/argyll-2.0.1+repack/icc/icc.c:7814:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTableVal_read: Data too short to read");
data/argyll-2.0.1+repack/icc/icc.c:7818:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTableVal_read: Name string not terminated");
data/argyll-2.0.1+repack/icc/icc.c:7842:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTableVal_write: Name string is unterminated");
data/argyll-2.0.1+repack/icc/icc.c:7853:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTableVal_write: Unknown PCS");
data/argyll-2.0.1+repack/icc/icc.c:7857:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTableVal_write: write of PCS coord failed");
data/argyll-2.0.1+repack/icc/icc.c:7904:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:7910:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:7919:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:7928:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_read: Wrong tag type for icmColorantTable");
data/argyll-2.0.1+repack/icc/icc.c:7934:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:7946:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_read count overflow, count %x, len %d",p->count,len);
data/argyll-2.0.1+repack/icc/icc.c:8003:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:8007:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:8014:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8022:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8040:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:8109:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_alloc: count overflow (%d of %lu bytes)",
data/argyll-2.0.1+repack/icc/icc.c:8116:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmColorantTable_alloc: malloc() of icmColorantTable data failed");
data/argyll-2.0.1+repack/icc/icc.c:8191:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:8197:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:8206:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:8232:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to type descriptor");
data/argyll-2.0.1+repack/icc/icc.c:8250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to read Ascii header");
data/argyll-2.0.1+repack/icc/icc.c:8259:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to read Ascii string");
data/argyll-2.0.1+repack/icc/icc.c:8264:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: ascii string is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:8270:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: ascii string is shorter than count");
data/argyll-2.0.1+repack/icc/icc.c:8287:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to read Unicode string");
data/argyll-2.0.1+repack/icc/icc.c:8300:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to read Unicode string");
data/argyll-2.0.1+repack/icc/icc.c:8305:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Unicode string is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:8311:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Unicode string is shorter than count");
data/argyll-2.0.1+repack/icc/icc.c:8329:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to read ScriptCode header");
data/argyll-2.0.1+repack/icc/icc.c:8339:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: ScriptCode string too long");
data/argyll-2.0.1+repack/icc/icc.c:8344:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: Data too short to read ScriptCode string");
data/argyll-2.0.1+repack/icc/icc.c:8350:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_read: ScriptCode string is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:8380:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:8384:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:8398:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:8417:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8426:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8434:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: ascii string is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:8439:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: ascii string is shorter than length");
data/argyll-2.0.1+repack/icc/icc.c:8448:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8454:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8463:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: Unicode string is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:8468:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: Unicode string is shorter than length");
data/argyll-2.0.1+repack/icc/icc.c:8473:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8485:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8491:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: write_UInt8Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8499:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: ScriptCode string too long");
data/argyll-2.0.1+repack/icc/icc.c:8504:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_write: ScriptCode string is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:8633:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:8639:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_alloc: malloc() of Ascii description failed");
data/argyll-2.0.1+repack/icc/icc.c:8646:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:8652:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmTextDescription_alloc: malloc() of Unicode description failed");
data/argyll-2.0.1+repack/icc/icc.c:8746:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDescStruct_read: Data too short read header");
data/argyll-2.0.1+repack/icc/icc.c:8782:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDescStruct_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8787:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDescStruct_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8792:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDescStruct_write: write_UInt64Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8797:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmDescStruct_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:8932:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:8938:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:8947:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:8954:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_read: Wrong tag type for icmProfileSequenceDesc");
data/argyll-2.0.1+repack/icc/icc.c:8993:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:8997:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9004:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9011:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9028:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:9065:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_allocate: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9071:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmProfileSequenceDesc_allocate Allocation of DescStruct array failed");
data/argyll-2.0.1+repack/icc/icc.c:9143:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:9149:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:9164:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignaturSignatureng tag type for icmSignature");
data/argyll-2.0.1+repack/icc/icc.c:9189:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9193:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9200:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9208:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignaturea_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9216:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmSignature_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:9324:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:9330:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9339:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:9346:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_read: Wrong tag type for icmScreening");
data/argyll-2.0.1+repack/icc/icc.c:9362:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_read: Data too short to read Screening Data");
data/argyll-2.0.1+repack/icc/icc.c:9386:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9390:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9397:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9404:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9409:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write: write_UInt32NumberXYZumber() failed");
data/argyll-2.0.1+repack/icc/icc.c:9418:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write: write_ScreeningData() failed");
data/argyll-2.0.1+repack/icc/icc.c:9427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:9468:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9474:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmScreening_alloc: malloc() of icmScreening data failed");
data/argyll-2.0.1+repack/icc/icc.c:9543:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:9549:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9558:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:9565:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: Wrong tag type for icmUcrBg");
data/argyll-2.0.1+repack/icc/icc.c:9579:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: Data too short to read UCR Data");
data/argyll-2.0.1+repack/icc/icc.c:9593:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmData_read: Data too short to read Black Gen count");
data/argyll-2.0.1+repack/icc/icc.c:9607:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: Data too short to read BG Data");
data/argyll-2.0.1+repack/icc/icc.c:9623:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_read: string is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:9656:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9660:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9667:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9676:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9685:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_UInt16umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:9691:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_DCS16umber(%.8f) failed",p->UCRcurve[i]);
data/argyll-2.0.1+repack/icc/icc.c:9700:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:9709:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_UInt16umber() failed");
data/argyll-2.0.1+repack/icc/icc.c:9715:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: write_DCS16umber(%.8f) failed",p->BGcurve[i]);
data/argyll-2.0.1+repack/icc/icc.c:9724:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: text is not null terminated");
data/argyll-2.0.1+repack/icc/icc.c:9729:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write: text is shorter than length");
data/argyll-2.0.1+repack/icc/icc.c:9739:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:9828:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_allocate: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9834:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_allocate: malloc() of UCR curve data failed");
data/argyll-2.0.1+repack/icc/icc.c:9841:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_allocate: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9847:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_allocate: malloc() of BG curve data failed");
data/argyll-2.0.1+repack/icc/icc.c:9854:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_allocate: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:9860:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmUcrBg_allocate: malloc() of string data failed");
data/argyll-2.0.1+repack/icc/icc.c:9947:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:9953:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:9961:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:9968:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: Wrong tag type for icmVideoCardGamma");
data/argyll-2.0.1+repack/icc/icc.c:9983:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:10004:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: unsupported table entry size");
data/argyll-2.0.1+repack/icc/icc.c:10012:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:10026:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGammaTable_read: Unknown gamma format for icmVideoCardGamma");
data/argyll-2.0.1+repack/icc/icc.c:10050:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:10054:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:10061:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10069:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10077:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10082:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10087:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_UInt16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10104:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: unsupported table entry size");
data/argyll-2.0.1+repack/icc/icc.c:10111:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10116:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10121:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10126:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10131:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10136:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10141:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10146:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10151:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_write: write_S15Fixed16Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10156:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGammaTable_write: Unknown gamma format for icmVideoCardGamma");
data/argyll-2.0.1+repack/icc/icc.c:10164:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:10242:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_alloc: unsupported table entry size");
data/argyll-2.0.1+repack/icc/icc.c:10246:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:10252:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmVideoCardGamma_alloc: malloc() of table data failed");
data/argyll-2.0.1+repack/icc/icc.c:10385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:10391:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:10399:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:10406:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_read: Wrong tag type for icmViewingConditions");
data/argyll-2.0.1+repack/icc/icc.c:10413:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions: read_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:10420:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions: read_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:10445:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:10449:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:10456:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10464:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions: write_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:10471:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions: write_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:10478:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditionsa_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10486:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmViewingConditions_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:10578:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Tag too small to be legal");
data/argyll-2.0.1+repack/icc/icc.c:10584:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:10593:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:10600:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Wrong tag type for icmCrdInfo");
data/argyll-2.0.1+repack/icc/icc.c:10608:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Data too short to read Postscript product name");
data/argyll-2.0.1+repack/icc/icc.c:10616:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Data to short to read Postscript product string");
data/argyll-2.0.1+repack/icc/icc.c:10621:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Postscript product name is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:10637:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Data too short to read CRD%d name",t);
data/argyll-2.0.1+repack/icc/icc.c:10645:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: Data to short to read CRD%d string",t);
data/argyll-2.0.1+repack/icc/icc.c:10650:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_read: CRD%d name is not terminated",t);
data/argyll-2.0.1+repack/icc/icc.c:10682:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:10686:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:10693:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write: write_SInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10702:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10709:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write: Postscript product name is not terminated");
data/argyll-2.0.1+repack/icc/icc.c:10721:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write: write_UInt32Number() failed");
data/argyll-2.0.1+repack/icc/icc.c:10728:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write: CRD%d name is not terminated",t);
data/argyll-2.0.1+repack/icc/icc.c:10741:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:10838:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:10844:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_alloc: malloc() of string data failed");
data/argyll-2.0.1+repack/icc/icc.c:10852:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_alloc: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:10858:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmCrdInfo_alloc: malloc() of CRD%d name string failed",t);
data/argyll-2.0.1+repack/icc/icc.c:10927:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: Length expected to be 128");
data/argyll-2.0.1+repack/icc/icc.c:10932:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:10937:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:10945:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: wrong magic number 0x%x",tt);
data/argyll-2.0.1+repack/icc/icc.c:10953:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: file size %d too small to be legal",p->size);
data/argyll-2.0.1+repack/icc/icc.c:10979:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: read_DateTimeNumber corrupted");
data/argyll-2.0.1+repack/icc/icc.c:10992:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: read_XYZNumber error");
data/argyll-2.0.1+repack/icc/icc.c:11005:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_read: ICC V4 not supported!");
data/argyll-2.0.1+repack/icc/icc.c:11026:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:11030:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write calloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:11036:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: profile size");
data/argyll-2.0.1+repack/icc/icc.c:11042:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: cmmId");
data/argyll-2.0.1+repack/icc/icc.c:11049:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: version number");
data/argyll-2.0.1+repack/icc/icc.c:11056:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: Uint8Number major version");
data/argyll-2.0.1+repack/icc/icc.c:11062:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: Uint8Number minor/bug fix");
data/argyll-2.0.1+repack/icc/icc.c:11067:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number deviceClass");
data/argyll-2.0.1+repack/icc/icc.c:11072:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number data color space");
data/argyll-2.0.1+repack/icc/icc.c:11077:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number PCS");
data/argyll-2.0.1+repack/icc/icc.c:11082:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: DateTimeNumber creation");
data/argyll-2.0.1+repack/icc/icc.c:11087:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number magic");
data/argyll-2.0.1+repack/icc/icc.c:11092:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number platform");
data/argyll-2.0.1+repack/icc/icc.c:11097:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: UInt32Number flags");
data/argyll-2.0.1+repack/icc/icc.c:11102:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number manufaturer");
data/argyll-2.0.1+repack/icc/icc.c:11107:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number model");
data/argyll-2.0.1+repack/icc/icc.c:11112:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: UInt64Number attributes");
data/argyll-2.0.1+repack/icc/icc.c:11117:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number rendering intent");
data/argyll-2.0.1+repack/icc/icc.c:11122:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: XYZNumber illuminant");
data/argyll-2.0.1+repack/icc/icc.c:11127:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: SInt32Number creator");
data/argyll-2.0.1+repack/icc/icc.c:11134:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write: UInt8Number creator");
data/argyll-2.0.1+repack/icc/icc.c:11143:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icmHeader_write fseek() or fwrite() failed");
data/argyll-2.0.1+repack/icc/icc.c:11484:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_set_version: Header is missing");
data/argyll-2.0.1+repack/icc/icc.c:11512:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_set_version: Unsupported version 0x%x",ver);
data/argyll-2.0.1+repack/icc/icc.c:11531:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_check_legal: Header is missing");
data/argyll-2.0.1+repack/icc/icc.c:11602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcbuf[4]; /* Tag count read buffer */
data/argyll-2.0.1+repack/icc/icc.c:11612:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: No header defined");
data/argyll-2.0.1+repack/icc/icc.c:11624:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: fseek() or fread() failed on tag count");
data/argyll-2.0.1+repack/icc/icc.c:11632:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: tag count %d is too large to be legal",p->count);
data/argyll-2.0.1+repack/icc/icc.c:11642:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:11648:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: Tag table malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:11654:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: Tag table read buffer malloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:11661:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: fseek() or fread() failed on tag table");
data/argyll-2.0.1+repack/icc/icc.c:11696:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read: fseek() or fread() failed on tag headers");
data/argyll-2.0.1+repack/icc/icc.c:11811:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/argyll-2.0.1+repack/icc/icc.c:11817:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_check_id: No header defined");
data/argyll-2.0.1+repack/icc/icc.c:11832:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_check_id: new_icmMD5 failed");
data/argyll-2.0.1+repack/icc/icc.c:11839:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_check_id: fseek() or fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:11859:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_check_id: fread() failed");
data/argyll-2.0.1+repack/icc/icc.c:11911:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Deleting existing 'arts' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:11918:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Adding 'arts' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:11923:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Allocating 'arts' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:11975:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Deleting existing 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:11982:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Adding 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:11987:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Allocating 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:12032:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Deleting existing 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:12039:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Adding 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:12044:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Allocating 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:12093:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Deleting temporary 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:12118:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Deleting temporary 'chad' tag failed");
data/argyll-2.0.1+repack/icc/icc.c:12152:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_size: No header defined");
data/argyll-2.0.1+repack/icc/icc.c:12163:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_size: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:12170:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_size: Internal error - NULL tag element");
data/argyll-2.0.1+repack/icc/icc.c:12200:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[ALIGN_SIZE];
data/argyll-2.0.1+repack/icc/icc.c:12213:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: No header defined");
data/argyll-2.0.1+repack/icc/icc.c:12232:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write get_size overflow");
data/argyll-2.0.1+repack/icc/icc.c:12238:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write calloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:12244:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: write_UInt32Number() failed on tag count");
data/argyll-2.0.1+repack/icc/icc.c:12252:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: Internal error - NULL tag element");
data/argyll-2.0.1+repack/icc/icc.c:12269:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:12279:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: corrupted link");
data/argyll-2.0.1+repack/icc/icc.c:12288:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: write_SInt32Number() failed on tag signature");
data/argyll-2.0.1+repack/icc/icc.c:12293:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: write_UInt32Number() failed on tag offset");
data/argyll-2.0.1+repack/icc/icc.c:12298:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: write_UInt32Number() failed on tag size");
data/argyll-2.0.1+repack/icc/icc.c:12314:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: new_icmMD5 failed");
data/argyll-2.0.1+repack/icc/icc.c:12320:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: new_icmFileMD5 failed");
data/argyll-2.0.1+repack/icc/icc.c:12338:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: seek() or write() failed");
data/argyll-2.0.1+repack/icc/icc.c:12355:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: write() failed");
data/argyll-2.0.1+repack/icc/icc.c:12364:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write flush() failed");
data/argyll-2.0.1+repack/icc/icc.c:12370:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write compute ID failed with code %d", p->errc);
data/argyll-2.0.1+repack/icc/icc.c:12400:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: seek() or write() failed");
data/argyll-2.0.1+repack/icc/icc.c:12417:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write: write() failed");
data/argyll-2.0.1+repack/icc/icc.c:12429:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_write flush() failed");
data/argyll-2.0.1+repack/icc/icc.c:12479:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_add_tag: wrong tag type for signature");
data/argyll-2.0.1+repack/icc/icc.c:12490:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_add_tag: unsupported tag type");
data/argyll-2.0.1+repack/icc/icc.c:12508:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_add_tag: size overflow");
data/argyll-2.0.1+repack/icc/icc.c:12517:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_add_tag: Tag table realloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:12590:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_link_tag: wrong tag type for signature");
data/argyll-2.0.1+repack/icc/icc.c:12610:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_link_tag: Tag table realloc() failed");
data/argyll-2.0.1+repack/icc/icc.c:12683:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read_tag_ix: index %d is out of range",i);
data/argyll-2.0.1+repack/icc/icc.c:12717:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_read_tag_ix: found unknown tag");
data/argyll-2.0.1+repack/icc/icc.c:12825:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_rename_tag: wrong signature for tag type");
data/argyll-2.0.1+repack/icc/icc.c:12853:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_unread_tag_ix: index %d is out of range",i);
data/argyll-2.0.1+repack/icc/icc.c:12904:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_delete_tag_ix: index %d of range",i);
data/argyll-2.0.1+repack/icc/icc.c:16983:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_lookup: Profile is missing Media White Point Tag");
data/argyll-2.0.1+repack/icc/icc.c:17180:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_lookup: Curve->lookup_fwd() failed");
data/argyll-2.0.1+repack/icc/icc.c:17421:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_lookup: Curve->lookup_bwd() failed");
data/argyll-2.0.1+repack/icc/icc.c:17632:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_lookup: Curve->lookup_fwd() failed");
data/argyll-2.0.1+repack/icc/icc.c:17809:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_lookup: Curve->lookup_bwd() failed");
data/argyll-2.0.1+repack/icc/icc.c:17991:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_new_iccLuMatrix: Matrix wasn't invertable");
data/argyll-2.0.1+repack/icc/icc.c:18445:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_Lut_inv_input: Malloc failure in inverse lookup init.");
data/argyll-2.0.1+repack/icc/icc.c:18475:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_Lut_inv_input: Malloc failure in inverse lookup init.");
data/argyll-2.0.1+repack/icc/icc.c:18500:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_new_iccLuMatrix: Matrix wasn't invertable");
data/argyll-2.0.1+repack/icc/icc.c:18768:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_get_luobj: Unknown colorspace");
data/argyll-2.0.1+repack/icc/icc.c:18776:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_get_luobj: Unknown colorspace");
data/argyll-2.0.1+repack/icc/icc.c:18784:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_get_luobj: Unknown colorspace");
data/argyll-2.0.1+repack/icc/icc.c:18792:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_get_luobj: Unknown colorspace");
data/argyll-2.0.1+repack/icc/icc.c:18803:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_get_luobj: Unknown effective colorspace");
data/argyll-2.0.1+repack/icc/icc.c:18811:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(icp->err,"icc_get_luobj: Unknown effective colorspace");
data/argyll-2.0.1+repack/icc/icc.c:19026:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown intent");
data/argyll-2.0.1+repack/icc/icc.c:19127:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown intent");
data/argyll-2.0.1+repack/icc/icc.c:19193:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Inaproptiate function requested");
data/argyll-2.0.1+repack/icc/icc.c:19229:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown intent");
data/argyll-2.0.1+repack/icc/icc.c:19299:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown intent");
data/argyll-2.0.1+repack/icc/icc.c:19354:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Intent is inappropriate for Gamut table");
data/argyll-2.0.1+repack/icc/icc.c:19371:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown intent (0x%x)",intent);
data/argyll-2.0.1+repack/icc/icc.c:19399:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Intent is inappropriate for preview table");
data/argyll-2.0.1+repack/icc/icc.c:19403:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown intent");
data/argyll-2.0.1+repack/icc/icc.c:19416:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Inaproptiate function requested");
data/argyll-2.0.1+repack/icc/icc.c:19428:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Intent is inappropriate for Link profile");
data/argyll-2.0.1+repack/icc/icc.c:19453:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Inaproptiate function requested");
data/argyll-2.0.1+repack/icc/icc.c:19467:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Intent is inappropriate for Abstract profile");
data/argyll-2.0.1+repack/icc/icc.c:19490:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Inaproptiate function requested");
data/argyll-2.0.1+repack/icc/icc.c:19507:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Intent is inappropriate for Named Color profile");
data/argyll-2.0.1+repack/icc/icc.c:19512:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Named Colors not handled yet");
data/argyll-2.0.1+repack/icc/icc.c:19517:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unknown profile class");
data/argyll-2.0.1+repack/icc/icc.c:19523:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"icc_get_luobj: Unable to locate usable conversion");
data/argyll-2.0.1+repack/icc/icc.c:19813:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][MAX_CHAN * 16];
data/argyll-2.0.1+repack/icc/icc.c:19828:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%d", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.c:19836:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][MAX_CHAN * 16];
data/argyll-2.0.1+repack/icc/icc.c:19851:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%.8f", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.c:19859:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][MAX_CHAN * 16];
data/argyll-2.0.1+repack/icc/icc.c:19874:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%.8f", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.c:19882:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][MAX_CHAN * 16];
data/argyll-2.0.1+repack/icc/icc.c:19897:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%f", lab[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.h:902:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root[32]; /* Root name for color */
data/argyll-2.0.1+repack/icc/icc.h:917:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[32]; /* Prefix for each color name (null terminated) */
data/argyll-2.0.1+repack/icc/icc.h:918:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[32]; /* Suffix for each color name (null terminated) */
data/argyll-2.0.1+repack/icc/icc.h:929:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; /* Name for colorant */
data/argyll-2.0.1+repack/icc/icc.h:1088:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *crdname[4]; /* Rendering intent 0-3 CRD names (null terminated) */
data/argyll-2.0.1+repack/icc/icc.h:1171:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[16]; /* MD5 fingerprint value, lsB to msB <V4.0+> */
data/argyll-2.0.1+repack/icc/icc.h:1558:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[512]; /* Error message */
data/argyll-2.0.1+repack/icc/iccdump.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[500];
data/argyll-2.0.1+repack/icc/iccdump.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_names[MXTGNMS][5];
data/argyll-2.0.1+repack/icc/iccdump.c:87:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/icc/iccdump.c:212:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id[16];
data/argyll-2.0.1+repack/icc/icclu.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[500];
data/argyll-2.0.1+repack/icc/icclu.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/icc/iccrw.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[500];
data/argyll-2.0.1+repack/icc/iccrw.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[500];
data/argyll-2.0.1+repack/icc/iccstd.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[50];
data/argyll-2.0.1+repack/icc/iccstd.c:376:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name,nmode)) == NULL)
data/argyll-2.0.1+repack/icc/icctest.c:216:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chs1[16];
data/argyll-2.0.1+repack/icc/icctest.c:217:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chs2[16];
data/argyll-2.0.1+repack/icc/icctest.c:247:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
m->add(m, (unsigned char *)tc[i].s, strlen(tc[i].s));
data/argyll-2.0.1+repack/icc/icctest.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str2[4] = { "Intent zero CRD Name",
data/argyll-2.0.1+repack/icc/icctest.c:986:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(wo->prefix,"Prefix"); /* Prefix for each color name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:987:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(wo->suffix,"Suffix"); /* Suffix for each color name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:993:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wo->data[i].root,"Color %d",i); /* Root name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:1045:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(wo->prefix,"Prefix-ix"); /* Prefix for each color name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:1046:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(wo->suffix,"Suffix-ixix"); /* Suffix for each color name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:1052:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wo->data[i].root,"Pigment %d",i); /* Root name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:1121:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wo->data[i].name,"Color %d",i); /* Colorant name, max 32, null terminated */
data/argyll-2.0.1+repack/icc/icctest.c:1189:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts1[100];
data/argyll-2.0.1+repack/icc/icctest.c:1197:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ts1,"This is device descrption %d",i);
data/argyll-2.0.1+repack/icc/icctest.c:1215:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ts1,"This is model descrption %d",i);
data/argyll-2.0.1+repack/icc/mcheck.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[500];
data/argyll-2.0.1+repack/icc/mcheck.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[500], *xl;
data/argyll-2.0.1+repack/icc/mkDispProf.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[1000];
data/argyll-2.0.1+repack/imdi/cctiff.c:544:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/imdi/cctiff.c:571:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown Photometric Tag %d",pmtc);
data/argyll-2.0.1+repack/imdi/cctiff.c:643:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAMEL+1];
data/argyll-2.0.1+repack/imdi/cctiff.c:940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[JMSG_LENGTH_MAX];
data/argyll-2.0.1+repack/imdi/cctiff.c:954:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/imdi/cctiff.c:969:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown JPEG colorspace %d",cspace);
data/argyll-2.0.1+repack/imdi/cctiff.c:978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1] = ""; /* Input raster file name */
data/argyll-2.0.1+repack/imdi/cctiff.c:979:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1] = ""; /* Output raster file name */
data/argyll-2.0.1+repack/imdi/cctiff.c:980:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_pname[MAXNAMEL+1] = ""; /* Destination embedded profile file name */
data/argyll-2.0.1+repack/imdi/cctiff.c:1032:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *inp[MAX_CHAN];
data/argyll-2.0.1+repack/imdi/cctiff.c:1033:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *outp[MAX_CHAN];
data/argyll-2.0.1+repack/imdi/cctiff.c:1104:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clutres = atoi(na);
data/argyll-2.0.1+repack/imdi/cctiff.c:1113:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ochoice = atoi(na);
data/argyll-2.0.1+repack/imdi/cctiff.c:1138:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
jpgq = atoi(na);
data/argyll-2.0.1+repack/imdi/cctiff.c:1404:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(in_name,"rb")) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:1406:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(in_name,"r")) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:1500:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rdesc, mlp->data, mlp->data_length-1);
data/argyll-2.0.1+repack/imdi/cctiff.c:1757:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, ct->data[i].name, slen);
data/argyll-2.0.1+repack/imdi/cctiff.c:1791:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((wf = fopen(out_name,"wb")) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:1793:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((wf = fopen(out_name,"w")) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:2217:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int v = ((unsigned char *)inbuf)[x * su.id + i];
data/argyll-2.0.1+repack/imdi/cctiff.c:2262:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)hprecbuf)[x * su.od + i] = v;
data/argyll-2.0.1+repack/imdi/cctiff.c:2286:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = ((unsigned char *)outbuf)[x] - ((unsigned char *)hprecbuf)[x];
data/argyll-2.0.1+repack/imdi/cctiff.c:2286:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = ((unsigned char *)outbuf)[x] - ((unsigned char *)hprecbuf)[x];
data/argyll-2.0.1+repack/imdi/cctiffo.c:281:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/imdi/cctiffo.c:310:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown Tag %d",pmtc);
data/argyll-2.0.1+repack/imdi/cctiffo.c:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/argyll-2.0.1+repack/imdi/cctiffo.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100]; /* Raster file name */
data/argyll-2.0.1+repack/imdi/cctiffo.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100]; /* Raster file name */
data/argyll-2.0.1+repack/imdi/cctiffo.c:454:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *inp[MAX_CHAN];
data/argyll-2.0.1+repack/imdi/cctiffo.c:455:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *outp[MAX_CHAN];
data/argyll-2.0.1+repack/imdi/cctiffo.c:890:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in[i] = ((unsigned char *)inbuf)[x * su.id + i]/255.0;
data/argyll-2.0.1+repack/imdi/cctiffo.c:913:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)checkbuf)[x * su.od + i] = (int)(out[i] * 255.0 + 0.5);
data/argyll-2.0.1+repack/imdi/cctiffo.c:922:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = ((unsigned char *)outbuf)[x] - ((unsigned char *)checkbuf)[x];
data/argyll-2.0.1+repack/imdi/cctiffo.c:922:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = ((unsigned char *)outbuf)[x] - ((unsigned char *)checkbuf)[x];
data/argyll-2.0.1+repack/imdi/cctiffo.c:953:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in[i] = ((unsigned char *)inbuf)[x * su.id + i]/255.0;
data/argyll-2.0.1+repack/imdi/cctiffo.c:979:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)outbuf)[x * su.od + i] = (int)(outi * 255.0 + 0.5);
data/argyll-2.0.1+repack/imdi/cgen.c:138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20];
data/argyll-2.0.1+repack/imdi/cgen.c:141:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%x",(1 << bits)-1);
data/argyll-2.0.1+repack/imdi/cgen.c:147:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0x%xffffffff",(1 << (bits-32))-1);
data/argyll-2.0.1+repack/imdi/cgen.c:179:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g->kname, "imdi_k%d",index); /* Kernel routine base name */
data/argyll-2.0.1+repack/imdi/cgen.c:1136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rde[50]; /* Read expression */
data/argyll-2.0.1+repack/imdi/cgen.c:1137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char toff[50]; /* Table offset expression */
data/argyll-2.0.1+repack/imdi/cgen.c:1141:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rde,"ip0[%d]",e); /* Offset from single pointer */
data/argyll-2.0.1+repack/imdi/cgen.c:1143:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rde,"*ip%d",e); /* Pointer per channel */
data/argyll-2.0.1+repack/imdi/cgen.c:1148:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rde,"rdv"); /* Use read value for extraction */
data/argyll-2.0.1+repack/imdi/cgen.c:1173:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(toff,"chv");
data/argyll-2.0.1+repack/imdi/cgen.c:1467:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wre[50]; /* Write destination expression */
data/argyll-2.0.1+repack/imdi/cgen.c:1495:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wre,"op0[%d]",e); /* Offset from single pointer */
data/argyll-2.0.1+repack/imdi/cgen.c:1497:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wre,"*op%d",e); /* Pointer per channel */
data/argyll-2.0.1+repack/imdi/ctest.c:35:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((kcode = fopen("imdi_k99.c","w")) == NULL) {
data/argyll-2.0.1+repack/imdi/greytiff.c:111:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/imdi/greytiff.c:134:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown Tag %d",pmtc);
data/argyll-2.0.1+repack/imdi/greytiff.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[100];
data/argyll-2.0.1+repack/imdi/greytiff.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/imdi/greytiff.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/imdi/greytiff.c:217:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *inp[MAX_CHAN];
data/argyll-2.0.1+repack/imdi/greytiff.c:218:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *outp[MAX_CHAN];
data/argyll-2.0.1+repack/imdi/greytiff.c:440:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in[i] = ((unsigned char *)inbuf)[x * inn + i]/255.0;
data/argyll-2.0.1+repack/imdi/greytiff.c:455:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)checkbuf)[x * inn + i] = (int)(out[i] * 255.0 + 0.5);
data/argyll-2.0.1+repack/imdi/greytiff.c:465:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = ((unsigned char *)outbuf)[x] - ((unsigned char *)checkbuf)[x];
data/argyll-2.0.1+repack/imdi/greytiff.c:465:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err = ((unsigned char *)outbuf)[x] - ((unsigned char *)checkbuf)[x];
data/argyll-2.0.1+repack/imdi/greytiff.c:497:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in[i] = ((unsigned char *)inbuf)[x * inn + i]/255.0;
data/argyll-2.0.1+repack/imdi/greytiff.c:509:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)outbuf)[x * inn + i] = (int)(out[i] * 255.0 + 0.5);
data/argyll-2.0.1+repack/imdi/imdi.c:462:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
minp[j] = (void *)((char *)inp[0] + j);
data/argyll-2.0.1+repack/imdi/imdi.c:465:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
minp[j] = (void *)((char *)inp[0] + 2 * j);
data/argyll-2.0.1+repack/imdi/imdi.c:479:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
moutp[j] = (void *)((char *)outp[0] + i++);
data/argyll-2.0.1+repack/imdi/imdi.c:486:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
moutp[j] = (void *)((char *)outp[0] + 2 * i++);
data/argyll-2.0.1+repack/imdi/imdi.c:507:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
minp[0] = (void *)((char *)minp[0] + inst * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:509:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
minp[0] = (void *)((char *)minp[0] + inst * 2 * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:512:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
minp[j] = (void *)((char *)minp[j] + inst * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:515:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
minp[j] = (void *)((char *)minp[j] + inst * 2 * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:519:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
moutp[0] = (void *)((char *)moutp[0] + outst * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:521:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
moutp[0] = (void *)((char *)moutp[0] + outst * 2 * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:524:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
moutp[j] = (void *)((char *)moutp[j] + outst * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi.c:527:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
moutp[j] = (void *)((char *)moutp[j] + outst * 2 * (npixels - 1));
data/argyll-2.0.1+repack/imdi/imdi_gen.h:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kkeys[100]; /* Kernel keys */
data/argyll-2.0.1+repack/imdi/imdi_gen.h:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kdesc[100]; /* At genspec time */
data/argyll-2.0.1+repack/imdi/imdi_gen.h:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kname[100]; /* At generation time */
data/argyll-2.0.1+repack/imdi/imdi_make.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/argyll-2.0.1+repack/imdi/imdi_make.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[100];
data/argyll-2.0.1+repack/imdi/imdi_make.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[MAXNAMEL+1+1] = ""; /* Output directory name */
data/argyll-2.0.1+repack/imdi/imdi_make.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAXNAMEL+100+1]; /* Buffer to compose filenames in */
data/argyll-2.0.1+repack/imdi/imdi_make.c:223:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((kheader = fopen(temp, "w")) == NULL) {
data/argyll-2.0.1+repack/imdi/imdi_make.c:230:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((kcode = fopen(temp, "w")) == NULL) {
data/argyll-2.0.1+repack/imdi/imdi_make.c:258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname[100];
data/argyll-2.0.1+repack/imdi/imdi_make.c:265:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((kcode = fopen(temp, "w")) == NULL) {
data/argyll-2.0.1+repack/imdi/itest.c:149:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *inp[MXDI];
data/argyll-2.0.1+repack/imdi/itest.c:150:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *outp[MXDO];
data/argyll-2.0.1+repack/imdi/itest.c:211:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rbits = atoi(na);
data/argyll-2.0.1+repack/imdi/ssort.c:61:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->of = fopen("ttt.c","w");
data/argyll-2.0.1+repack/jcnf/jcnf.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[13];
data/argyll-2.0.1+repack/jcnf/jcnf.c:87:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d",p->recds[i].aix);
data/argyll-2.0.1+repack/jcnf/jcnf.c:199:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (type == jc_string && ((char *)data)[dataSize-1] != '\000')
data/argyll-2.0.1+repack/jcnf/jcnf.c:767:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/argyll-2.0.1+repack/jcnf/jcnf.c:770:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p->fp = fopen(p->fname, p->modify ? "r+" : "r")) == NULL) {
data/argyll-2.0.1+repack/jcnf/jcnf.c:774:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p->fp = fopen(p->fname, "w")) == NULL)
data/argyll-2.0.1+repack/jcnf/jcnf.c:866:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tname,"-XXXXXX");
data/argyll-2.0.1+repack/jcnf/jcnf.c:867:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fh = mkstemp(tname)) == -1) {
data/argyll-2.0.1+repack/jcnf/jcnf.c:889:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(tname, "w")) == NULL) {
data/argyll-2.0.1+repack/jcnf/jcnf.c:1086:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p->fp = fopen(p->fname, "r+")) == NULL) {
data/argyll-2.0.1+repack/link/collink.c:1877:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1] = "\000";
data/argyll-2.0.1+repack/link/collink.c:1878:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgam_name[MAXNAMEL+1] = "\000"; /* Source gamut name */
data/argyll-2.0.1+repack/link/collink.c:1879:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_name[MAXNAMEL+1] = "\000"; /* Abstract profile name */
data/argyll-2.0.1+repack/link/collink.c:1880:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[MAXNAMEL+1] = "\000"; /* Calibration filename */
data/argyll-2.0.1+repack/link/collink.c:1881:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1] = "\000";
data/argyll-2.0.1+repack/link/collink.c:1882:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_name[MAXNAMEL+1] = "\000";
data/argyll-2.0.1+repack/link/collink.c:1883:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdlut_name[MAXNAMEL+1] = "\000";
data/argyll-2.0.1+repack/link/collink.c:2123:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rr = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2267:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ivc_e = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2269:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ovc_e = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2445:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2455:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2466:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2478:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na);
data/argyll-2.0.1+repack/link/collink.c:2651:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".txt");
data/argyll-2.0.1+repack/link/collink.c:2662:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".3dlut");
data/argyll-2.0.1+repack/link/collink.c:2671:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".cube");
data/argyll-2.0.1+repack/link/collink.c:4028:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dst, dstm[200]; /* description */
data/argyll-2.0.1+repack/link/collink.c:4977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAXNAMEL+1+20], *xl;
data/argyll-2.0.1+repack/link/collink.c:4989:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,"-first1dred.txt");
data/argyll-2.0.1+repack/link/collink.c:4991:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,"-first1dgreen.txt");
data/argyll-2.0.1+repack/link/collink.c:4993:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,"-first1dblue.txt");
data/argyll-2.0.1+repack/link/collink.c:5119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[MAXNAMEL+1+20], *xl;
data/argyll-2.0.1+repack/link/collink.c:5131:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,"-second1dred.txt");
data/argyll-2.0.1+repack/link/collink.c:5133:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,"-second1dgreen.txt");
data/argyll-2.0.1+repack/link/collink.c:5135:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,"-second1dblue.txt");
data/argyll-2.0.1+repack/link/collink.c:5220:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
hoff += sprintf((char *)h+hoff, "Input_Primaries %f %f %f %f %f %f %f %f\r\n", /* For V0.66+ */
data/argyll-2.0.1+repack/link/collink.c:5226:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
hoff += sprintf((char *)h+hoff, "Input_Range 0 255\r\n");
data/argyll-2.0.1+repack/link/collink.c:5228:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
hoff += sprintf((char *)h+hoff, "Input_Range 16 235\r\n");
data/argyll-2.0.1+repack/link/collink.c:5230:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
hoff += sprintf((char *)h+hoff, "Output_Range 0 255\r\n");
data/argyll-2.0.1+repack/link/collink.c:5232:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
hoff += sprintf((char *)h+hoff, "Output_Range 16 235\r\n");
data/argyll-2.0.1+repack/link/monoplot.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/link/monoplot.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_name[100];
data/argyll-2.0.1+repack/link/monoplot.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/link/pathplot.c:76:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *name[13] = {
data/argyll-2.0.1+repack/link/pathplot.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/link/pathplot.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_name[100];
data/argyll-2.0.1+repack/link/pathplot.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/namedc/namedc.c:318:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(p->filename, "r")) == NULL) {
data/argyll-2.0.1+repack/namedc/namedc.c:528:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *key[3] = { "L", "A", "B" };
data/argyll-2.0.1+repack/namedc/namedc.c:553:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *key[3] = { "X", "Y", "Z" };
data/argyll-2.0.1+repack/namedc/namedc.c:594:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *key[4] = { "Cyan", "Magenta", "Yellow", "Black" };
data/argyll-2.0.1+repack/namedc/namedc.c:911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[3 * 32];
data/argyll-2.0.1+repack/namedc/namedc.c:1275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inname[MAXNAMEL+1];
data/argyll-2.0.1+repack/namedc/namedc.c:1303:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/namedc/namedc.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[NAMEDC_ERRL]; /* Error message */
data/argyll-2.0.1+repack/namedc/namedc.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[100]; /* Prefix to apply */
data/argyll-2.0.1+repack/namedc/namedc.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[NAMEDC_PLEN]; /* Temporary buffers to use */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[MAXNAMEL+1];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inname[MAXNAMEL+1];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSZ];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:107:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifp = fopen(inname,"r"))==NULL) {
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[BUFSZ];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[BUFSZ];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s3[BUFSZ];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[BUFSZ];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:205:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[BUFSZ];
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:206:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s3[BUFSZ];
data/argyll-2.0.1+repack/numlib/dnsq.c:82:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
double atol, /* Desired absolute tollerance of the solution */
data/argyll-2.0.1+repack/numlib/dnsq.c:107:30: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n, &x[0], &fvec[0], dtol, atol,
data/argyll-2.0.1+repack/numlib/dnsq.c:459:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
double atol, /* Desired tollerance of the root (stops on dtol or tol) */
data/argyll-2.0.1+repack/numlib/dnsq.c:826:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (fabs(fvec[j]) > atol)
data/argyll-2.0.1+repack/numlib/dnsq.c:831:43: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
printf("DNSQ: fvecs are all <= atol %f\n",atol);
data/argyll-2.0.1+repack/numlib/numsup.c:92:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(exe_path, ".exe");
data/argyll-2.0.1+repack/numlib/numsup.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[PATH_MAX], b2[PATH_MAX];
data/argyll-2.0.1+repack/numlib/numsup.c:262:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sysinfo[100] = { "Unknown" };
data/argyll-2.0.1+repack/numlib/numsup.c:274:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows V%d.%d SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:278:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Server 2016 V%d.%d SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:284:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows V8.1 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:287:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Server 2012 R2 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:292:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows V8 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:295:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Server SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:300:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows V7 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:303:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Server 2008 R2 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:308:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Vista SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:311:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Server 2008 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:316:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows XP Pro64 SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows XP SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:324:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows XP SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:328:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysinfo,"Windows Maj %d Min %d SP %d",
data/argyll-2.0.1+repack/numlib/numsup.c:355:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sysinfo[200] = { "Unknown" };
data/argyll-2.0.1+repack/numlib/numsup.c:624:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[200] = { '\000' }, *bp = oline;
data/argyll-2.0.1+repack/numlib/numsup.c:630:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",buf[i]);
data/argyll-2.0.1+repack/numlib/numsup.c:633:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," ");
data/argyll-2.0.1+repack/numlib/numsup.c:634:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," ");
data/argyll-2.0.1+repack/numlib/numsup.c:637:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp,"%c",buf[j]);
data/argyll-2.0.1+repack/numlib/numsup.c:1083:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *)(m[nrl-1]));
data/argyll-2.0.1+repack/numlib/numsup.c:1225:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *)(m[nrl-1]));
data/argyll-2.0.1+repack/numlib/numsup.c:1449:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *)(m[nrl-1]));
data/argyll-2.0.1+repack/numlib/numsup.c:1597:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *)(m[nrl-1]));
data/argyll-2.0.1+repack/numlib/numsup.c:1745:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
free((char *)(m[nrl-1]));
data/argyll-2.0.1+repack/numlib/numsup.c:2851:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][DEB_MAX_CHAN * 16];
data/argyll-2.0.1+repack/numlib/numsup.c:2869:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%d", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/numlib/numsup.c:2877:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][DEB_MAX_CHAN * 100];
data/argyll-2.0.1+repack/numlib/numsup.c:2912:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][DEB_MAX_CHAN * 100];
data/argyll-2.0.1+repack/numlib/numsup.c:2930:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%.8f", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/numlib/numsup.h:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errm[A1_LOG_BUFSIZE]; /* error message (public) */
data/argyll-2.0.1+repack/plot/plot.c:1108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[6], temp[20];
data/argyll-2.0.1+repack/plot/plot.c:1119:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%%.%df", nfrac);
data/argyll-2.0.1+repack/plot/plot.c:1750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[6], temp[20];
data/argyll-2.0.1+repack/plot/plot.c:1761:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%%.%df", nfrac);
data/argyll-2.0.1+repack/plot/plot.c:2225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[6], temp[20];
data/argyll-2.0.1+repack/plot/plot.c:2236:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%%.%df", nfrac);
data/argyll-2.0.1+repack/plot/plot.c:2252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dash_list[2] = {5, 1};
data/argyll-2.0.1+repack/plot/plot.c:2458:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("log.txt", "a+")) != NULL) {
data/argyll-2.0.1+repack/plot/plot.c:2572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ntext[5] = { "A", "B", "C", "D" };
data/argyll-2.0.1+repack/plot/plot.c:2573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *mtext[5] = { "10", "20", "30", "40", "50" };
data/argyll-2.0.1+repack/plot/vrml.c:262:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void add_text(vrml *s, char *text, double p[3], double col[3], double size) {
data/argyll-2.0.1+repack/plot/vrml.c:1457:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((s->fp = fopen(s->name,"w")) == NULL) {
data/argyll-2.0.1+repack/plot/vrml.c:1782:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl, "x3dom.css");
data/argyll-2.0.1+repack/plot/vrml.c:1787:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(x3name, oflags)) == NULL) {
data/argyll-2.0.1+repack/plot/vrml.c:1800:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl, "x3dom.js");
data/argyll-2.0.1+repack/plot/vrml.c:1805:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(x3name, oflags)) == NULL) {
data/argyll-2.0.1+repack/plot/vrml.h:122:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void (*add_text)(struct _vrml *s, char *text, double p[3], double col[3], double size);
data/argyll-2.0.1+repack/profile/applycal.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/profile/applycal.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/profile/applycal.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/profile/applycal.c:386:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ro->desc, " [ ");
data/argyll-2.0.1+repack/profile/applycal.c:388:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ro->desc, " ]");
data/argyll-2.0.1+repack/profile/cb2ti3.c:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tarname[200] = { 0 }; /* Input .CMY file */
data/argyll-2.0.1+repack/profile/cb2ti3.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[200] = { 0 }; /* Input .nCIE file */
data/argyll-2.0.1+repack/profile/cb2ti3.c:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[200] = { 0 }; /* Output cgats .ti3 file base name */
data/argyll-2.0.1+repack/profile/cb2ti3.c:112:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".CMY");
data/argyll-2.0.1+repack/profile/cb2ti3.c:113:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tarname,".nCIE");
data/argyll-2.0.1+repack/profile/cb2ti3.c:117:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/profile/cb2ti3.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100];
data/argyll-2.0.1+repack/profile/cb2ti3.c:228:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", i+1);
data/argyll-2.0.1+repack/profile/colprof.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipname[MAXNAMEL+1] = ""; /* Input icc profile - enables gamut map */
data/argyll-2.0.1+repack/profile/colprof.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgname[MAXNAMEL+1] = ""; /* Image source gamut name */
data/argyll-2.0.1+repack/profile/colprof.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char absstring[3 * MAXNAMEL +1]; /* Storage for absnames */
data/argyll-2.0.1+repack/profile/colprof.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *absnames[3] = { NULL, NULL, NULL }; /* Abstract profile name */
data/argyll-2.0.1+repack/profile/colprof.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char baname[MAXNAMEL+1] = ""; /* Input & Output base name */
data/argyll-2.0.1+repack/profile/colprof.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inname[MAXNAMEL+1] = ""; /* Input cgats file base name */
data/argyll-2.0.1+repack/profile/colprof.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = ""; /* Output cgats file base name */
data/argyll-2.0.1+repack/profile/colprof.c:579:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na);
data/argyll-2.0.1+repack/profile/colprof.c:586:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na);
data/argyll-2.0.1+repack/profile/colprof.c:801:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ratio = atoi(na);
data/argyll-2.0.1+repack/profile/colprof.c:992:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti3");
data/argyll-2.0.1+repack/profile/colprof.c:1107:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
imax = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/profile/colprof.c:1126:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
kmax = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/profile/colverify.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[50]; /* sample id */
data/argyll-2.0.1+repack/profile/colverify.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[100]; /* sample location (empty if none) */
data/argyll-2.0.1+repack/profile/colverify.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char histoname[MAXNAMEL+1] = "\000"; /* Optional file to save histogram points to */
data/argyll-2.0.1+repack/profile/colverify.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccmxname[MAXNAMEL+1] = "\000"; /* Colorimeter Correction Matrix name */
data/argyll-2.0.1+repack/profile/colverify.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gprofname[MAXNAMEL+1] = "\000"; /* Gamut limit profile name */
data/argyll-2.0.1+repack/profile/colverify.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAMEL+1]; /* Patch filename */
data/argyll-2.0.1+repack/profile/colverify.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+4+1]; /* VRML/X3D name */
data/argyll-2.0.1+repack/profile/colverify.c:200:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/profile/colverify.c:700:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/colverify.c:714:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(cgf->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/colverify.c:734:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/colverify.c:1191:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(histoname, "w")) == NULL)
data/argyll-2.0.1+repack/profile/invprofcheck.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/profile/invprofcheck.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1], *xl; /* VRML/X3D name */
data/argyll-2.0.1+repack/profile/invprofcheck.c:165:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/profile/invprofcheck.c:184:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res = atoi(na);
data/argyll-2.0.1+repack/profile/invprofcheck.c:199:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi(na);
data/argyll-2.0.1+repack/profile/invprofcheck.c:209:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi(na);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:67:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tarname[200] = { 0 }; /* optional 928 patch reference file */
data/argyll-2.0.1+repack/profile/kodak2ti3.c:68:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[200] = { 0 }; /* Input .pat file base name */
data/argyll-2.0.1+repack/profile/kodak2ti3.c:69:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[200] = { 0 }; /* Output cgats .ti3 file base name */
data/argyll-2.0.1+repack/profile/kodak2ti3.c:110:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi(na);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:134:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".pat");
data/argyll-2.0.1+repack/profile/kodak2ti3.c:138:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/profile/kodak2ti3.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/kodak2ti3.c:167:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", limit);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100];
data/argyll-2.0.1+repack/profile/kodak2ti3.c:192:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", i+1);
data/argyll-2.0.1+repack/profile/kodak2ti3.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/profile/kodak2ti3.c:261:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename,"r")) == NULL)
data/argyll-2.0.1+repack/profile/kodak2ti3.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/profile/kodak2ti3.c:1239:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename,"r")) == NULL)
data/argyll-2.0.1+repack/profile/kodak2ti3.c:1247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/profile/ls2ti3.c:106:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[MAXNAMEL+1] = { 0 }; /* Input LightSpace .xml file */
data/argyll-2.0.1+repack/profile/ls2ti3.c:107:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[MAXNAMEL+1] = { 0 }; /* Output cgats .ti3 file base name */
data/argyll-2.0.1+repack/profile/ls2ti3.c:166:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/profile/ls2ti3.c:168:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((ifp = fopen(inname, "r")) == NULL)
data/argyll-2.0.1+repack/profile/ls2ti3.c:215:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npat = atoi(attr);
data/argyll-2.0.1+repack/profile/ls2ti3.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *rgb_key[3] = { "red", "green", "blue" };
data/argyll-2.0.1+repack/profile/ls2ti3.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyz_key[3] = { "X", "Y", "Z" };
data/argyll-2.0.1+repack/profile/ls2ti3.c:243:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
patches[i].pno = atoi(attr);
data/argyll-2.0.1+repack/profile/ls2ti3.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100];
data/argyll-2.0.1+repack/profile/ls2ti3.c:352:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", patches[i].pno);
data/argyll-2.0.1+repack/profile/mppcheck.c:61:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ti3name[200] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/profile/mppcheck.c:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mppname[200] = { 0 }; /* Profile file base name */
data/argyll-2.0.1+repack/profile/mppcheck.c:169:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec_n = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/profile/mppcheck.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/mppcheck.c:286:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/profile/mppcheck.c:336:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/mppcheck.c:353:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/mppprof.c:99:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[200] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/profile/mppprof.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[200] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/profile/mppprof.c:141:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/profile/mppprof.c:158:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verify = atoi(na);
data/argyll-2.0.1+repack/profile/mppprof.c:215:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti3");
data/argyll-2.0.1+repack/profile/mppprof.c:217:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".mpp");
data/argyll-2.0.1+repack/profile/mppprof.c:280:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec_n = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/profile/mppprof.c:399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/mppprof.c:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/profile/mppprof.c:457:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/mppprof.c:474:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/printcal.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[500]; /* Error message from diagnostics */
data/argyll-2.0.1+repack/profile/printcal.c:175:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/printcal.c:203:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"ctg_write: malloc of setel failed");
data/argyll-2.0.1+repack/profile/printcal.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/printcal.c:263:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "ctg_read: Can't fint COLOR_REP");
data/argyll-2.0.1+repack/profile/printcal.c:276:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "ctg_read: Can't find field PARAMTYPE");
data/argyll-2.0.1+repack/profile/printcal.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char baname[MAXNAMEL+1] = ""; /* Input & Output base name */
data/argyll-2.0.1+repack/profile/printcal.c:570:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inname[MAXNAMEL+1] = ""; /* new .ti3 input file name */
data/argyll-2.0.1+repack/profile/printcal.c:571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calname[MAXNAMEL+1] = ""; /* previous .cal input file name */
data/argyll-2.0.1+repack/profile/printcal.c:572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = ""; /* new .cal output file name */
data/argyll-2.0.1+repack/profile/printcal.c:573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ampname[MAXNAMEL+1] = ""; /* new .amp output file name */
data/argyll-2.0.1+repack/profile/printcal.c:668:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/profile/printcal.c:676:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
doplot = atoi(na);
data/argyll-2.0.1+repack/profile/printcal.c:861:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(calname,".cal");
data/argyll-2.0.1+repack/profile/printcal.c:866:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti3");
data/argyll-2.0.1+repack/profile/printcal.c:868:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".cal");
data/argyll-2.0.1+repack/profile/printcal.c:870:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ampname,".amp");
data/argyll-2.0.1+repack/profile/printcal.c:979:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/printcal.c:1056:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/printcal.c:1057:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pcsfname[2][3] = { { "XYZ_X", "XYZ_Y", "XYZ_Z" },
data/argyll-2.0.1+repack/profile/printcal.c:1080:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/printcal.c:1084:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/printcal.c:1101:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/printcal.c:2271:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[50] = { '\000' };
data/argyll-2.0.1+repack/profile/printcal.c:2277:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(ampname, nmode)) == NULL)
data/argyll-2.0.1+repack/profile/prof.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *absname[3], /* abstract profile name for each table */
data/argyll-2.0.1+repack/profile/profcheck.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[50]; /* sample id */
data/argyll-2.0.1+repack/profile/profcheck.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slo[50]; /* sample location, "" if not known */
data/argyll-2.0.1+repack/profile/profcheck.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ti3name[MAXNAMEL+1] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/profile/profcheck.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iccname[MAXNAMEL+1] = { 0 }; /* Input icc file base name */
data/argyll-2.0.1+repack/profile/profcheck.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1], *xl; /* VRML/X3D name */
data/argyll-2.0.1+repack/profile/profcheck.c:189:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/profile/profcheck.c:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tp, buf[200];
data/argyll-2.0.1+repack/profile/profcheck.c:743:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/profcheck.c:749:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/profcheck.c:769:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/profcheck.c:1084:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, outname[MAXNAMEL+31];
data/argyll-2.0.1+repack/profile/profcheck.c:1091:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cp, "_p%.2f.ti3",prune);
data/argyll-2.0.1+repack/profile/profin.c:620:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(in_name, "rb")) == NULL)
data/argyll-2.0.1+repack/profile/profin.c:622:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(in_name, "r")) == NULL)
data/argyll-2.0.1+repack/profile/profin.c:753:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/profin.c:759:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/profin.c:776:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/profout.c:698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *absname[3], /* abstract profile name for each table */
data/argyll-2.0.1+repack/profile/profout.c:1117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dst, dstm[200]; /* description */
data/argyll-2.0.1+repack/profile/profout.c:1527:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(in_name, "rb")) == NULL)
data/argyll-2.0.1+repack/profile/profout.c:1529:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(in_name, "r")) == NULL)
data/argyll-2.0.1+repack/profile/profout.c:1747:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/profout.c:1753:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/profile/profout.c:1777:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/profile/profout.c:2805:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"xfit fitting failed");
data/argyll-2.0.1+repack/profile/profout.c:2823:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of input table rspl failed");
data/argyll-2.0.1+repack/profile/profout.c:2858:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of output table rspl failed");
data/argyll-2.0.1+repack/profile/simpprof.c:181:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[200] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/profile/simpprof.c:182:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[200] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/profile/simpprof.c:235:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti3");
data/argyll-2.0.1+repack/profile/simpprof.c:237:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".pr1");
data/argyll-2.0.1+repack/profile/splitti3.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1]; /* Patch filename */
data/argyll-2.0.1+repack/profile/splitti3.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name1[MAXNAMEL+4+1]; /* VRML name */
data/argyll-2.0.1+repack/profile/splitti3.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name2[MAXNAMEL+4+1]; /* VRML name */
data/argyll-2.0.1+repack/profile/splitti3.c:119:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numb = atoi(na);
data/argyll-2.0.1+repack/profile/splitti3.c:125:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
prop = atoi(na);
data/argyll-2.0.1+repack/profile/splitti3.c:135:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(na);
data/argyll-2.0.1+repack/profile/splitti3.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/profile/splitti3.c:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *labfname[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/profile/splitti3.c:275:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:120:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char devname[MAXNAMEL+1] = { 0 }; /* Input CMYK/Device .txt file (may be null) */
data/argyll-2.0.1+repack/profile/txt2ti3.c:121:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ciename[MAXNAMEL+1] = { 0 }; /* Input CIE .txt file (may be null) */
data/argyll-2.0.1+repack/profile/txt2ti3.c:122:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char specname[MAXNAMEL+1] = { 0 }; /* Input Device / Spectral .txt file */
data/argyll-2.0.1+repack/profile/txt2ti3.c:123:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[MAXNAMEL+9] = { 0 }; /* Output cgats .ti3 file base name */
data/argyll-2.0.1+repack/profile/txt2ti3.c:124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname2[MAXNAMEL+9] = { 0 }; /* Output cgats .ti2 file base name */
data/argyll-2.0.1+repack/profile/txt2ti3.c:181:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na);
data/argyll-2.0.1+repack/profile/txt2ti3.c:246:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname2,".ti2");
data/argyll-2.0.1+repack/profile/txt2ti3.c:250:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/profile/txt2ti3.c:416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fields[3][3] = {
data/argyll-2.0.1+repack/profile/txt2ti3.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufs[6][50];
data/argyll-2.0.1+repack/profile/txt2ti3.c:495:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[0],"nm%03d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:496:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[1],"NM_%03d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:497:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[2],"SPECTRAL_NM_%03d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[3],"R_%03d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:499:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[4],"SPECTRAL_%03d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:500:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[5],"SPECTRAL_NM%03d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:512:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[0],"nm%03d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:513:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[1],"NM_%03d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:514:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[2],"SPECTRAL_NM_%03d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:515:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[3],"R_%03d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:516:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[4],"SPECTRAL_%03d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:517:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[5],"SPECTRAL_NM%03d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:545:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[0],"nm%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:546:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[1],"NM_%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:547:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[2],"SPECTRAL_NM_%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:548:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[3],"R_%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:549:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[4],"SPECTRAL_%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:550:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufs[5],"SPECTRAL_NM%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:686:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:688:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", specnum);
data/argyll-2.0.1+repack/profile/txt2ti3.c:690:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", specmin);
data/argyll-2.0.1+repack/profile/txt2ti3.c:692:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", specmax);
data/argyll-2.0.1+repack/profile/txt2ti3.c:697:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d", specmin + 10 * j);
data/argyll-2.0.1+repack/profile/txt2ti3.c:732:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:733:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:755:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", i+1);
data/argyll-2.0.1+repack/profile/txt2ti3.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:812:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tlimit);
data/argyll-2.0.1+repack/profile/txt2ti3.c:855:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:856:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tlimit);
data/argyll-2.0.1+repack/profile/txt2ti3.c:899:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100];
data/argyll-2.0.1+repack/profile/txt2ti3.c:920:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d", i+1);
data/argyll-2.0.1+repack/profile/txt2ti3.c:1031:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
c += sprintf(c, "%d",second);
data/argyll-2.0.1+repack/profile/txt2ti3.c:1034:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
c += sprintf(c, "%d",first);
data/argyll-2.0.1+repack/render/render.c:128:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->buf + s->off, data, length);
data/argyll-2.0.1+repack/render/render.c:517:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((png_fp = fopen(filename, nmode)) == NULL) {
data/argyll-2.0.1+repack/render/render.c:1812:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *enc[128]; /* Hershey encoded font */
data/argyll-2.0.1+repack/render/thscreen.h:136:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char _tht[65536 * 3];/* Threshold table */
data/argyll-2.0.1+repack/render/timage.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = { 0 }; /* Output TIFF name */
data/argyll-2.0.1+repack/render/timage.c:135:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
schart = atoi(na);
data/argyll-2.0.1+repack/render/timage.c:310:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[33];
data/argyll-2.0.1+repack/render/timage.c:733:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(outname, nmode)) == NULL)
data/argyll-2.0.1+repack/rspl/rev.c:271:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *opnames[6] = { "exact", "clipv", "clipn", "auxil", "locus" };
data/argyll-2.0.1+repack/rspl/rev.c:341:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
new_stderr = open("/dev/null", O_WRONLY | O_APPEND);
data/argyll-2.0.1+repack/rspl/rev.c:8934:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[100];
data/argyll-2.0.1+repack/rspl/rev.c:8938:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index, "%d:%d",ff,aa);
data/argyll-2.0.1+repack/rspl/rev.c:12371:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *alocs[4 * 1024];
data/argyll-2.0.1+repack/rspl/rev.c:12382:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
new_stderr = open("/dev/null", O_WRONLY | O_APPEND);
data/argyll-2.0.1+repack/rspl/rev.c:12468:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][300];
data/argyll-2.0.1+repack/rspl/rev.c:12504:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%f:%f", min[e],max[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/rspl/rev.c:12551:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[100];
data/argyll-2.0.1+repack/rspl/rev.c:12558:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index, "%d",ix);
data/argyll-2.0.1+repack/rspl/rev.c:12830:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[100];
data/argyll-2.0.1+repack/rspl/rev.c:12837:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index, "%d",vx->ix);
data/argyll-2.0.1+repack/rspl/rev.c:13108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[100];
data/argyll-2.0.1+repack/rspl/rev.c:13115:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(index, "%d",ix + s->g.hi[off]);
data/argyll-2.0.1+repack/rspl/revbench.c:142:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clutres = atoi(na);
data/argyll-2.0.1+repack/rspl/revbench.c:147:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rres = atoi(na);
data/argyll-2.0.1+repack/rspl/smtmpp.c:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[500];
data/argyll-2.0.1+repack/rspl/smtmpp.c:750:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
series = atoi(na);
data/argyll-2.0.1+repack/rspl/smtmpp.c:761:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
di = atoi(na);
data/argyll-2.0.1+repack/rspl/smtmpp.c:768:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res = atoi(na);
data/argyll-2.0.1+repack/rspl/smtmpp.c:775:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntps = atoi(na);
data/argyll-2.0.1+repack/rspl/smtmpp.c:789:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nlev = atoi(na);
data/argyll-2.0.1+repack/rspl/smtmpp.c:810:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:801:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
series = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:812:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
di = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:819:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
its = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:826:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:833:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntps = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:847:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nlev = atoi(na);
data/argyll-2.0.1+repack/rspl/smtnd.c:871:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seed = atoi(na);
data/argyll-2.0.1+repack/rspl/t2d.c:522:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/rspl/t2d.c:684:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pa[HEIGHT][WIDTH][3];
data/argyll-2.0.1+repack/rspl/t2ddf.c:152:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/rspl/t2ddf.c:251:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pa[HEIGHT][WIDTH][3];
data/argyll-2.0.1+repack/rspl/t3d.c:428:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/rspl/t3d.c:558:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pa[HEIGHT][WIDTH][3];
data/argyll-2.0.1+repack/rspl/t3ddf.c:172:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/rspl/t3ddf.c:282:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pa[HEIGHT][WIDTH][3];
data/argyll-2.0.1+repack/rspl/tnd.c:304:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pa[HEIGHT][WIDTH][3];
data/argyll-2.0.1+repack/scanin/scanin.c:146:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tiffin_name[MAXNAMEL+1] = { 0 }; /* TIFF Input file name (.tif) */
data/argyll-2.0.1+repack/scanin/scanin.c:147:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datin_name[MAXNAMEL+4+1] = { 0 }; /* Data input name (.cie/.q60) */
data/argyll-2.0.1+repack/scanin/scanin.c:148:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char datout_name[MAXNAMEL+4+1] = { 0 }; /* Data output name (.ti3/.val) */
data/argyll-2.0.1+repack/scanin/scanin.c:149:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char recog_name[MAXNAMEL+1] = { 0 }; /* Reference chart name (.cht) */
data/argyll-2.0.1+repack/scanin/scanin.c:150:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prof_name[MAXNAMEL+1] = { 0 }; /* scanner profile name (.cht) */
data/argyll-2.0.1+repack/scanin/scanin.c:151:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char diag_name[MAXNAMEL+1] = { 0 }; /* Diagnostic Output (.tif) name, if used */
data/argyll-2.0.1+repack/scanin/scanin.c:212:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/scanin/scanin.c:351:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".ti3");
data/argyll-2.0.1+repack/scanin/scanin.c:353:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".val");
data/argyll-2.0.1+repack/scanin/scanin.c:374:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(datin_name,".ti2");
data/argyll-2.0.1+repack/scanin/scanin.c:376:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(datout_name,".ti3");
data/argyll-2.0.1+repack/scanin/scanin.c:386:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(diag_name,"diag.tif");
data/argyll-2.0.1+repack/scanin/scanin.c:555:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100]; /* Input patch id */
data/argyll-2.0.1+repack/scanin/scanin.c:595:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dfnames[5][4] = { /* Device colorspace names */
data/argyll-2.0.1+repack/scanin/scanin.c:694:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[100]; /* Target patch location */
data/argyll-2.0.1+repack/scanin/scanin.c:879:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/scanin/scanin.c:888:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/scanin/scanin.c:927:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/scanin/scanin.c:1061:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[100]; /* Target patch location */
data/argyll-2.0.1+repack/scanin/scanin.c:1248:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec_n = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/scanin/scanin.c:1258:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/scanin/scanin.c:1265:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/scanin/scanin.c:1281:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/scanin/scanin.c:1284:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", spec_n);
data/argyll-2.0.1+repack/scanin/scanin.c:1286:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", spec_wl_short);
data/argyll-2.0.1+repack/scanin/scanin.c:1288:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", spec_wl_long);
data/argyll-2.0.1+repack/scanin/scanin.c:1299:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/scanin/scanin.c:1331:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100]; /* Input patch id */
data/argyll-2.0.1+repack/scanin/scanin.c:1338:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tod[100]; /* Output patch id */
data/argyll-2.0.1+repack/scanin/scanin.c:1339:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char od[100]; /* Output patch id */
data/argyll-2.0.1+repack/scanin/scanin.c:1425:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(o,"GS00");
data/argyll-2.0.1+repack/scanin/scanin.c:1429:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(o,"GS23");
data/argyll-2.0.1+repack/scanin/scanrd.c:196:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"Chart recognition definition file doesn't contain fiducials");
data/argyll-2.0.1+repack/scanin/scanrd.c:220:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"Pattern match wasn't good enough");
data/argyll-2.0.1+repack/scanin/scanrd.c:380:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: Pixel depth is too large");
data/argyll-2.0.1+repack/scanin/scanrd.c:386:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: Pixel bits/pixel is not 8 or 16");
data/argyll-2.0.1+repack/scanin/scanrd.c:401:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: Diagnostic output raster array malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:537:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int analize(scanrd_ *s, unsigned char *inp[6], int y);
data/argyll-2.0.1+repack/scanin/scanrd.c:543:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *in[6]; /* Pointer to six input buffers */
data/argyll-2.0.1+repack/scanin/scanrd.c:552:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: Failed to malloc input line buffers");
data/argyll-2.0.1+repack/scanin/scanrd.c:559:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (s->read_line(s->fdata, y, (char *)in[y])) {
data/argyll-2.0.1+repack/scanin/scanrd.c:561:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: read_line() returned error");
data/argyll-2.0.1+repack/scanin/scanrd.c:568:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (s->read_line(s->fdata, y, (char *)in[5])) {
data/argyll-2.0.1+repack/scanin/scanrd.c:570:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: read_line() returned error");
data/argyll-2.0.1+repack/scanin/scanrd.c:648:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *inp[6], /* current and previous 5 lines */
data/argyll-2.0.1+repack/scanin/scanrd.c:656:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *in[6]; /* six input lines (8bpp) */
data/argyll-2.0.1+repack/scanin/scanrd.c:697:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"vreg malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:703:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"vreg malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:709:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"vreg malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:715:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"vreg malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:745:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
in[i] = (unsigned char *)in2[i]; /* track 8bpp pointers */
data/argyll-2.0.1+repack/scanin/scanrd.c:864:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"Internal, no_hn is too large");
data/argyll-2.0.1+repack/scanin/scanrd.c:882:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"Internal, no_vn is too large");
data/argyll-2.0.1+repack/scanin/scanrd.c:952:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"new_points: malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:988:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"add_run: realloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:1155:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: points_to_line: malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:1497:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"Not enough valid lines to compute perspective");
data/argyll-2.0.1+repack/scanin/scanrd.c:1601:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"Not enough valid lines to compute rotation angle");
data/argyll-2.0.1+repack/scanin/scanrd.c:1667:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"%d consistent lines is not enough to compute rotation angle",nl);
data/argyll-2.0.1+repack/scanin/scanrd.c:1737:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: calc_elist: malloc failed - novlines = %d",s->novlines);
data/argyll-2.0.1+repack/scanin/scanrd.c:1743:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: calc_elist: malloc failed - novlines = %d",s->novlines);
data/argyll-2.0.1+repack/scanin/scanrd.c:1795:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: calc_elist: malloc failed, xl.c = %d",xl.c);
data/argyll-2.0.1+repack/scanin/scanrd.c:1803:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: calc_elist: malloc failed, yl.c = %d",yl.c);
data/argyll-2.0.1+repack/scanin/scanrd.c:1819:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: calc_elist: malloc failed, xl.c = %d, yl.c = %d",xl.c,yl.c);
data/argyll-2.0.1+repack/scanin/scanrd.c:1997:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((elf=fopen(fname,"w"))==NULL) {
data/argyll-2.0.1+repack/scanin/scanrd.c:2036:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((elf=fopen(fname,"r"))==NULL) {
data/argyll-2.0.1+repack/scanin/scanrd.c:2066:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"read_elist, malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:2070:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xfix1[20], xfix2[20], yfix1[20],yfix2[20];
data/argyll-2.0.1+repack/scanin/scanrd.c:2071:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xfirst[20];
data/argyll-2.0.1+repack/scanin/scanrd.c:2073:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xf[20];
data/argyll-2.0.1+repack/scanin/scanrd.c:2177:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"read_elist, malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:2206:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"read_elist, malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:2224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csps[20];
data/argyll-2.0.1+repack/scanin/scanrd.c:2249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/argyll-2.0.1+repack/scanin/scanrd.c:2327:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"invert_elist: malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:3308:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"setup_sboxes: malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:3313:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"setup_sboxes: malloc failed");
data/argyll-2.0.1+repack/scanin/scanrd.c:3446:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"do_value_scan: Failed to malloc test output array");
data/argyll-2.0.1+repack/scanin/scanrd.c:3460:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: do_value_scan: read_line() returned error");
data/argyll-2.0.1+repack/scanin/scanrd.c:3827:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char cc[3 * 24] = { /* Group palet */
data/argyll-2.0.1+repack/scanin/scanrd.c:4087:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"aa_line init: Failed to malloc internal table");
data/argyll-2.0.1+repack/scanin/scanrd.c:4653:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s->errm,"scanrd: write_line() returned error");
data/argyll-2.0.1+repack/scanin/scanrd_.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SBOX_NAME_SZ]; /* Box name (usualy letter number coordinate) */
data/argyll-2.0.1+repack/scanin/scanrd_.h:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errm[200]; /* Error message */
data/argyll-2.0.1+repack/spectro/LzmaDec.c:782:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tempBuf, src, inSize);
data/argyll-2.0.1+repack/spectro/LzmaDec.c:870:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, p->dic + dicPos, outSizeCur);
data/argyll-2.0.1+repack/spectro/average.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAMEL+1];
data/argyll-2.0.1+repack/spectro/average.c:275:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/average.c:292:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fname[2][3] = { { "LAB_L", "LAB_A", "LAB_B" },
data/argyll-2.0.1+repack/spectro/base64.c:42:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/argyll-2.0.1+repack/spectro/base64.c:158:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char src[MAXLEN], check[MAXLEN];
data/argyll-2.0.1+repack/spectro/base64.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[EBASE64LEN(MAXLEN) + 1];
data/argyll-2.0.1+repack/spectro/ccwin.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[200];
data/argyll-2.0.1+repack/spectro/ccwin.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[200];
data/argyll-2.0.1+repack/spectro/ccwin.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[200];
data/argyll-2.0.1+repack/spectro/ccwin.c:249:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sbuf,
data/argyll-2.0.1+repack/spectro/ccwin.c:261:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sbuf,
data/argyll-2.0.1+repack/spectro/ccwin.c:337:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *options[3];
data/argyll-2.0.1+repack/spectro/ccwin.c:338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[50];
data/argyll-2.0.1+repack/spectro/ccwin.c:395:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port,"%d", 8081); /* Use fixed port for Linux firewall rule */
data/argyll-2.0.1+repack/spectro/ccwin.c:755:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *options[3];
data/argyll-2.0.1+repack/spectro/ccwin.c:821:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/ccxxmake.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char innames[2][MAXNAMEL+1] = { "\000", "\000" }; /* .ti3 input names */
data/argyll-2.0.1+repack/spectro/ccxxmake.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+5+1] = "\000"; /* ccmx output file name */
data/argyll-2.0.1+repack/spectro/ccxxmake.c:327:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
webdisp = atoi(na+4);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:339:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ccdisp = atoi(na+3);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:366:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:386:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:403:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comno = atoi(na);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:500:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msteps = atoi(na);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:526:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:614:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/ccxxmake.c:648:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(cgf->t[0].kdata[ii]);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:665:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:833:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cbid = atoi(cgf->t[0].kdata[ti]);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:859:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/ccxxmake.c:865:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(cgf->t[0].kdata[ii]);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:882:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:962:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(colname, " (");
data/argyll-2.0.1+repack/spectro/ccxxmake.c:971:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(description, " & ");
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1024:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(pp+1);
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1451:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(colname, " (");
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1460:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(description, " & ");
data/argyll-2.0.1+repack/spectro/chartread.c:123:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf [200];
data/argyll-2.0.1+repack/spectro/chartread.c:823:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pn[3] = { NULL, NULL, NULL} ; /* Location 1/2/3 Pass name (letters) */
data/argyll-2.0.1+repack/spectro/chartread.c:824:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sn[3] = { NULL, NULL, NULL} ; /* Location 1/2/3 Step name (numbers) */
data/argyll-2.0.1+repack/spectro/chartread.c:1724:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200], *bp = NULL, *ep = NULL;
data/argyll-2.0.1+repack/spectro/chartread.c:2208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccxxname[MAXNAMEL+1] = "\000"; /* Colorimeter Correction/Colorimeter Calibration name */
data/argyll-2.0.1+repack/spectro/chartread.c:2211:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[MAXNAMEL+1] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/spectro/chartread.c:2212:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[MAXNAMEL+1] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/spectro/chartread.c:2215:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char calname[MAXNAMEL+1] = { 0 }; /* User supplied calibration filename */
data/argyll-2.0.1+repack/spectro/chartread.c:2351:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/spectro/chartread.c:2360:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comport = atoi(na);
data/argyll-2.0.1+repack/spectro/chartread.c:2487:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti2");
data/argyll-2.0.1+repack/spectro/chartread.c:2489:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/spectro/chartread.c:2559:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stipa = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/spectro/chartread.c:2601:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pis[i] = atoi(cp);
data/argyll-2.0.1+repack/spectro/chartread.c:2620:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rstart = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/spectro/chartread.c:2623:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rstart = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/spectro/chartread.c:2695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/spectro/chartread.c:2696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *labfname[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/spectro/chartread.c:2707:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/chartread.c:2747:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/chartread.c:2873:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fname[2][3] = { { "XYZ_X", "XYZ_Y", "XYZ_Z" },
data/argyll-2.0.1+repack/spectro/chartread.c:2876:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/spectro/chartread.c:2909:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(rcg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/spectro/chartread.c:2925:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/chartread.c:3040:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/chartread.c:3045:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", cols[wpat].XYZ[0], cols[wpat].XYZ[1], cols[wpat].XYZ[2]);
data/argyll-2.0.1+repack/spectro/chartread.c:3078:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/chartread.c:3081:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", cols[vpix].sp.spec_n);
data/argyll-2.0.1+repack/spectro/chartread.c:3083:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", cols[vpix].sp.spec_wl_short);
data/argyll-2.0.1+repack/spectro/chartread.c:3085:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", cols[vpix].sp.spec_wl_long);
data/argyll-2.0.1+repack/spectro/chartread.c:3096:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/colorhug.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40];
data/argyll-2.0.1+repack/spectro/colorhug.c:85:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown %02x",cc);
data/argyll-2.0.1+repack/spectro/colorhug.c:161:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/argyll-2.0.1+repack/spectro/colorhug.c:174:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 1, in, in_size);
data/argyll-2.0.1+repack/spectro/colorhug.c:254:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + 2, out_size);
data/argyll-2.0.1+repack/spectro/colorhug.c:342:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[4];
data/argyll-2.0.1+repack/spectro/colorhug.c:385:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[3 * 4];
data/argyll-2.0.1+repack/spectro/colorhug.c:402:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[3 * 4];
data/argyll-2.0.1+repack/spectro/colorhug.c:488:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[6];
data/argyll-2.0.1+repack/spectro/colorhug.c:511:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[6];
data/argyll-2.0.1+repack/spectro/colorhug.c:532:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[1];
data/argyll-2.0.1+repack/spectro/colorhug.c:551:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[2];
data/argyll-2.0.1+repack/spectro/colorhug.c:570:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[4];
data/argyll-2.0.1+repack/spectro/conv.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/argyll-2.0.1+repack/spectro/conv.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/argyll-2.0.1+repack/spectro/conv.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10] = { 0 }, c;
data/argyll-2.0.1+repack/spectro/conv.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100] = { 0 }, c;
data/argyll-2.0.1+repack/spectro/conv.c:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tb[3];
data/argyll-2.0.1+repack/spectro/conv.c:556:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tb[3];
data/argyll-2.0.1+repack/spectro/conv.c:868:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(uids);
data/argyll-2.0.1+repack/spectro/dispcal.c:1726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/spectro/dispcal.c:1727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iccoutname[MAXNAMEL+1] = { 0 };/* Output icc file base name */
data/argyll-2.0.1+repack/spectro/dispcal.c:1728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccxxname[MAXNAMEL+1] = "\000"; /* CCMX or CCSS file name */
data/argyll-2.0.1+repack/spectro/dispcal.c:1832:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/spectro/dispcal.c:1843:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
webdisp = atoi(na+4);
data/argyll-2.0.1+repack/spectro/dispcal.c:1855:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ccdisp = atoi(na+3);
data/argyll-2.0.1+repack/spectro/dispcal.c:1880:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/dispcal.c:1898:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/dispcal.c:2002:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/spectro/dispcal.c:2033:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nver = atoi(na);
data/argyll-2.0.1+repack/spectro/dispcal.c:2051:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comport = atoi(na);
data/argyll-2.0.1+repack/spectro/dispcal.c:2285:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(pp+1);
data/argyll-2.0.1+repack/spectro/dispcal.c:2363:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".cal");
data/argyll-2.0.1+repack/spectro/dispcal.c:2844:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fnames[4] = { "RGB_I", "RGB_R", "RGB_G", "RGB_B" };
data/argyll-2.0.1+repack/spectro/dispcal.c:2876:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fnames[3] = { "R_P", "G_P", "B_P" };
data/argyll-2.0.1+repack/spectro/dispcal.c:5277:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%c%c",((ditype >> 8) & 0xff), ditype & 0xff);
data/argyll-2.0.1+repack/spectro/dispcal.c:5279:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%c",ditype);
data/argyll-2.0.1+repack/spectro/dispcal.c:5286:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", x.twh[0], x.twh[1], x.twh[2]);
data/argyll-2.0.1+repack/spectro/dispcal.c:5292:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", -egamma);
data/argyll-2.0.1+repack/spectro/dispcal.c:5294:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", gamma);
data/argyll-2.0.1+repack/spectro/dispcal.c:5297:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"L_STAR");
data/argyll-2.0.1+repack/spectro/dispcal.c:5300:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"sRGB");
data/argyll-2.0.1+repack/spectro/dispcal.c:5303:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"REC709");
data/argyll-2.0.1+repack/spectro/dispcal.c:5306:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"SMPTE240M");
data/argyll-2.0.1+repack/spectro/dispcal.c:5313:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", x.oofff);
data/argyll-2.0.1+repack/spectro/dispcal.c:5316:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", bkcorrect);
data/argyll-2.0.1+repack/spectro/dispcal.c:5319:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", x.nbrate);
data/argyll-2.0.1+repack/spectro/dispcal.c:5323:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", bkbright);
data/argyll-2.0.1+repack/spectro/dispcal.c:5708:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dst, dstm[200]; /* description */
data/argyll-2.0.1+repack/spectro/dispread.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccxxname[MAXNAMEL+1] = "\000"; /* Colorimeter Correction Matrix name */
data/argyll-2.0.1+repack/spectro/dispread.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inname[MAXNAMEL+1] = "\000"; /* Input cgats file base name */
data/argyll-2.0.1+repack/spectro/dispread.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = "\000"; /* Output cgats file base name */
data/argyll-2.0.1+repack/spectro/dispread.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calname[MAXNAMEL+1] = "\000"; /* Calibration file name (if any) */
data/argyll-2.0.1+repack/spectro/dispread.c:346:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
webdisp = atoi(na+4);
data/argyll-2.0.1+repack/spectro/dispread.c:358:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ccdisp = atoi(na+3);
data/argyll-2.0.1+repack/spectro/dispread.c:383:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/dispread.c:401:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/dispread.c:418:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comport = atoi(na);
data/argyll-2.0.1+repack/spectro/dispread.c:487:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qbits = atoi(na);
data/argyll-2.0.1+repack/spectro/dispread.c:595:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/spectro/dispread.c:644:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(pp+1);
data/argyll-2.0.1+repack/spectro/dispread.c:722:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti1");
data/argyll-2.0.1+repack/spectro/dispread.c:723:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/spectro/dispread.c:958:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/dispread.c:959:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", cbid);
data/argyll-2.0.1+repack/spectro/dispread.c:1028:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/dispread.c:1031:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", cols[0].sp.spec_n);
data/argyll-2.0.1+repack/spectro/dispread.c:1033:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", cols[0].sp.spec_wl_short);
data/argyll-2.0.1+repack/spectro/dispread.c:1035:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", cols[0].sp.spec_wl_long);
data/argyll-2.0.1+repack/spectro/dispread.c:1046:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/dispread.c:1083:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/dispread.c:1085:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", cols[wpat].XYZ[0], cols[wpat].XYZ[1], cols[wpat].XYZ[2]);
data/argyll-2.0.1+repack/spectro/dispsup.c:451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN];
data/argyll-2.0.1+repack/spectro/dispsup.c:1839:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(cmd,"r")) == NULL)
data/argyll-2.0.1+repack/spectro/dispsup.c:1882:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200], *bp = NULL, *ep = NULL;
data/argyll-2.0.1+repack/spectro/disptechs.c:483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usels[256]; /* Used selectors */
data/argyll-2.0.1+repack/spectro/disptechs.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lsel[10]; /* Unique list selector for ui */
data/argyll-2.0.1+repack/spectro/disptechs.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isel[10]; /* Candidate selectors */
data/argyll-2.0.1+repack/spectro/dispwin.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/spectro/dispwin.c:466:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/spectro/dispwin.c:528:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[50], vbuf[50];
data/argyll-2.0.1+repack/spectro/dispwin.c:552:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(desc, "(unknown)");
data/argyll-2.0.1+repack/spectro/dispwin.c:576:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dnbuf[100];
data/argyll-2.0.1+repack/spectro/dispwin.c:582:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc1[100], desc2[200];
data/argyll-2.0.1+repack/spectro/dispwin.c:595:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dnbuf,".0");
data/argyll-2.0.1+repack/spectro/dispwin.c:606:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dnbuf,":0.0");
data/argyll-2.0.1+repack/spectro/dispwin.c:890:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pp,".%d",i);
data/argyll-2.0.1+repack/spectro/dispwin.c:910:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(desc1, "_ICC_PROFILE");
data/argyll-2.0.1+repack/spectro/dispwin.c:912:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(desc1, "_ICC_PROFILE_%d",disps[ndisps]->uscreen);
data/argyll-2.0.1+repack/spectro/dispwin.c:1046:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pp,".%d",0);
data/argyll-2.0.1+repack/spectro/dispwin.c:1048:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pp,".%d",i);
data/argyll-2.0.1+repack/spectro/dispwin.c:1081:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(desc1, "_ICC_PROFILE");
data/argyll-2.0.1+repack/spectro/dispwin.c:1083:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(desc1, "_ICC_PROFILE_%d",disps[i]->uscreen);
data/argyll-2.0.1+repack/spectro/dispwin.c:1090:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edid_name[50];
data/argyll-2.0.1+repack/spectro/dispwin.c:1098:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(edid_name,"XFree86_DDC_EDID1_RAWDATA");
data/argyll-2.0.1+repack/spectro/dispwin.c:1100:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(edid_name,"XFree86_DDC_EDID2_RAWDATA");
data/argyll-2.0.1+repack/spectro/dispwin.c:1103:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(edid_name,"XFree86_DDC_EDID1_RAWDATA_%d",disps[i]->uscreen);
data/argyll-2.0.1+repack/spectro/dispwin.c:1105:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(edid_name,"XFree86_DDC_EDID2_RAWDATA_%d",disps[i]->uscreen);
data/argyll-2.0.1+repack/spectro/dispwin.c:1138:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(desc1,"Monitor %d",i+1);
data/argyll-2.0.1+repack/spectro/dispwin.c:1140:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(desc1,"Monitor %d",i+1);
data/argyll-2.0.1+repack/spectro/dispwin.c:1572:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)p)[0] = (char)(val >> 24);
data/argyll-2.0.1+repack/spectro/dispwin.c:1573:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)p)[1] = (char)(val >> 16);
data/argyll-2.0.1+repack/spectro/dispwin.c:1574:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)p)[2] = (char)(val >> 8);
data/argyll-2.0.1+repack/spectro/dispwin.c:1575:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)p)[3] = (char)(val);
data/argyll-2.0.1+repack/spectro/dispwin.c:1579:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)p)[0] = (char)(val >> 8);
data/argyll-2.0.1+repack/spectro/dispwin.c:1580:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)p)[1] = (char)(val);
data/argyll-2.0.1+repack/spectro/dispwin.c:2044:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ppath,".orig");
data/argyll-2.0.1+repack/spectro/dispwin.c:2184:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ppath,".orig");
data/argyll-2.0.1+repack/spectro/dispwin.c:2452:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname,"rb")) == NULL)
data/argyll-2.0.1+repack/spectro/dispwin.c:2454:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname,"r")) == NULL)
data/argyll-2.0.1+repack/spectro/dispwin.c:2573:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colpath[MAX_PATH];
data/argyll-2.0.1+repack/spectro/dispwin.c:2699:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(uids);
data/argyll-2.0.1+repack/spectro/dispwin.c:2700:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gid = atoi(gids);
data/argyll-2.0.1+repack/spectro/dispwin.c:2801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpath[FILENAME_MAX];
data/argyll-2.0.1+repack/spectro/dispwin.c:2940:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colpath[MAX_PATH];
data/argyll-2.0.1+repack/spectro/dispwin.c:3042:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(uids);
data/argyll-2.0.1+repack/spectro/dispwin.c:3043:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gid = atoi(gids);
data/argyll-2.0.1+repack/spectro/dispwin.c:3124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpath[FILENAME_MAX];
data/argyll-2.0.1+repack/spectro/dispwin.c:3226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH];
data/argyll-2.0.1+repack/spectro/dispwin.c:3274:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(dpath, "r")) == NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:3435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aname[30];
data/argyll-2.0.1+repack/spectro/dispwin.c:3442:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(aname, "_ICC_PROFILE");
data/argyll-2.0.1+repack/spectro/dispwin.c:3465:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aname, "_ICC_PROFILE_%d",p->myuscreen);
data/argyll-2.0.1+repack/spectro/dispwin.c:3697:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char emptyCursor[43] = {
data/argyll-2.0.1+repack/spectro/dispwin.c:4692:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->min_update_delay = atoi(cp);
data/argyll-2.0.1+repack/spectro/dispwin.c:4978:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/spectro/dispwin.c:5167:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pp,".%d",disp->screen);
data/argyll-2.0.1+repack/spectro/dispwin.c:5582:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pmdata[1] = { 0 };
data/argyll-2.0.1+repack/spectro/dispwin.c:5849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dnbuf[100];
data/argyll-2.0.1+repack/spectro/dispwin.c:5861:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dnbuf,".0");
data/argyll-2.0.1+repack/spectro/dispwin.c:5963:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calname[MAXNAMEL+1] = "\000"; /* Calibration file name */
data/argyll-2.0.1+repack/spectro/dispwin.c:6225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcname[MAXNAMEL+1] = "\000"; /* CGATS patch color name */
data/argyll-2.0.1+repack/spectro/dispwin.c:6229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[MAXNAMEL+1] = "\000"; /* Current cal save name */
data/argyll-2.0.1+repack/spectro/dispwin.c:6236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char calname[MAXNAMEL+1] = "\000"; /* Calibration file name */
data/argyll-2.0.1+repack/spectro/dispwin.c:6275:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ddebug = atoi(na);
data/argyll-2.0.1+repack/spectro/dispwin.c:6289:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
webdisp = atoi(na+4);
data/argyll-2.0.1+repack/spectro/dispwin.c:6301:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ccdisp = atoi(na+3);
data/argyll-2.0.1+repack/spectro/dispwin.c:6320:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vtpgdisp = atoi(na+3);
data/argyll-2.0.1+repack/spectro/dispwin.c:6338:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/dispwin.c:6352:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/dispwin.c:6480:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(pp+1);
data/argyll-2.0.1+repack/spectro/dispwin.h:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monid[128]; /* Monitor ID */
data/argyll-2.0.1+repack/spectro/dispwin.h:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char monid[128]; /* Monitor ID (ie. 'Monitor\MEA1773\{4D36E96E-E325-11CE-BFC1-08002BE10318}\0015'*/
data/argyll-2.0.1+repack/spectro/dtp20.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[3];
data/argyll-2.0.1+repack/spectro/dtp20.c:158:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:333:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tp, "%02d",npatch);
data/argyll-2.0.1+repack/spectro/dtp20.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tp, cmd[10];
data/argyll-2.0.1+repack/spectro/dtp20.c:520:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "%03d01TS\r",six);
data/argyll-2.0.1+repack/spectro/dtp20.c:618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[200], *tp;
data/argyll-2.0.1+repack/spectro/dtp20.c:619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:861:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE], *tp;
data/argyll-2.0.1+repack/spectro/dtp20.c:956:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10];
data/argyll-2.0.1+repack/spectro/dtp20.c:969:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "%03d01GM\r",p->savix);
data/argyll-2.0.1+repack/spectro/dtp20.c:1123:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/dtp20.c:1126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:1552:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:1595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp20.c:1619:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE], *bp, *ep;
data/argyll-2.0.1+repack/spectro/dtp20.c:1676:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strno = atoi(bp);
data/argyll-2.0.1+repack/spectro/dtp20.c:1693:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp22.c:66:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int comp_password(char *out, char *in, unsigned char key[4]);
data/argyll-2.0.1+repack/spectro/dtp22.c:66:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int comp_password(char *out, char *in, unsigned char key[4]);
data/argyll-2.0.1+repack/spectro/dtp22.c:66:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int comp_password(char *out, char *in, unsigned char key[4]);
data/argyll-2.0.1+repack/spectro/dtp22.c:81:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[4];
data/argyll-2.0.1+repack/spectro/dtp22.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[3];
data/argyll-2.0.1+repack/spectro/dtp22.c:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp22.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp22.c:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *brc[5] = { "30BR\r", "60BR\r", "18BR\r", "0CBR\r", "06BR\r" };
data/argyll-2.0.1+repack/spectro/dtp22.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE], *bp;
data/argyll-2.0.1+repack/spectro/dtp22.c:360:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->serno = atoi(bp);
data/argyll-2.0.1+repack/spectro/dtp22.c:366:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->oemsn = atoi(bp);
data/argyll-2.0.1+repack/spectro/dtp22.c:372:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->plaqueno = atoi(bp);
data/argyll-2.0.1+repack/spectro/dtp22.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp22.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[50];
data/argyll-2.0.1+repack/spectro/dtp22.c:485:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf2, "VD\r");
data/argyll-2.0.1+repack/spectro/dtp22.c:664:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/dtp22.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp22.c:709:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d",p->plaqueno);
data/argyll-2.0.1+repack/spectro/dtp22.c:990:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp22.c:1156:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int comp_password(char *out, char *in, unsigned char key[4]) {
data/argyll-2.0.1+repack/spectro/dtp22.c:1156:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int comp_password(char *out, char *in, unsigned char key[4]) {
data/argyll-2.0.1+repack/spectro/dtp22.c:1156:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int comp_password(char *out, char *in, unsigned char key[4]) {
data/argyll-2.0.1+repack/spectro/dtp22.c:1173:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out, "%04x", outv);
data/argyll-2.0.1+repack/spectro/dtp22.h:91:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[4]; /* Challenge/response key */
data/argyll-2.0.1+repack/spectro/dtp41.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[3];
data/argyll-2.0.1+repack/spectro/dtp41.c:130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:154:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *brc[9] = { "9600BR\r", "19200BR\r", "38400BR\r", "57600BR\r",
data/argyll-2.0.1+repack/spectro/dtp41.c:280:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tp, "%03d",npatch);
data/argyll-2.0.1+repack/spectro/dtp41.c:284:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tp, "%05.2f",pwid);
data/argyll-2.0.1+repack/spectro/dtp41.c:290:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tp, "%05.2f",gwid);
data/argyll-2.0.1+repack/spectro/dtp41.c:306:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tp, "%04.0f",twid);
data/argyll-2.0.1+repack/spectro/dtp41.c:322:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[100], buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:455:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf, "%02x15CF\r", p->nstaticr);
data/argyll-2.0.1+repack/spectro/dtp41.c:496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[200], *tp;
data/argyll-2.0.1+repack/spectro/dtp41.c:497:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:679:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:912:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/dtp41.c:1124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:1174:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp41.c:1265:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp51.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[3];
data/argyll-2.0.1+repack/spectro/dtp51.c:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp51.c:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp51.c:188:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp51.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *brc[5] = { "30BR\r", "60BR\r", "18BR\r", "0CBR\r", "06BR\r" };
data/argyll-2.0.1+repack/spectro/dtp51.c:358:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[100], buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp51.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[200], *tp;
data/argyll-2.0.1+repack/spectro/dtp51.c:478:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp51.c:599:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/dtp51.c:864:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[3];
data/argyll-2.0.1+repack/spectro/dtp92.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:178:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *brc[5] = { "30BR\r", "60BR\r", "18BR\r", "0CBR\r", "06BR\r" };
data/argyll-2.0.1+repack/spectro/dtp92.c:345:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[100];
data/argyll-2.0.1+repack/spectro/dtp92.c:355:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tbuf,"%05dSD\r",(int)(odv * 100000));
data/argyll-2.0.1+repack/spectro/dtp92.c:388:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tb[50];
data/argyll-2.0.1+repack/spectro/dtp92.c:514:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tb,"%04xRN\r",i);
data/argyll-2.0.1+repack/spectro/dtp92.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:676:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:794:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/dtp92.c:797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:880:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:881:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:1227:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/dtp92.c:1375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/ex1.c:709:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/ex1.c:1258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100]; /* Name */
data/argyll-2.0.1+repack/spectro/ex1.c:1304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100]; /* Name */
data/argyll-2.0.1+repack/spectro/ex1.c:1376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100]; /* Name */
data/argyll-2.0.1+repack/spectro/ex1.c:1679:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 24, in, ilen);
data/argyll-2.0.1+repack/spectro/ex1.c:1693:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 44, in, ilen);
data/argyll-2.0.1+repack/spectro/ex1.c:1818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + 24, imdatlen);
data/argyll-2.0.1+repack/spectro/ex1.c:1852:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf + 44, pll);
data/argyll-2.0.1+repack/spectro/ex1.c:1924:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8096];
data/argyll-2.0.1+repack/spectro/fakeread.c:118:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sepname[MAXNAMEL+1] = { 0 }; /* ICC separation profile */
data/argyll-2.0.1+repack/spectro/fakeread.c:119:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char calname[MAXNAMEL+1] = { 0 }; /* device calibration */
data/argyll-2.0.1+repack/spectro/fakeread.c:120:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char profname[MAXNAMEL+1] = { 0 }; /* ICC or MPP Profile name */
data/argyll-2.0.1+repack/spectro/fakeread.c:121:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[MAXNAMEL+1] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/spectro/fakeread.c:122:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[MAXNAMEL+3] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/spectro/fakeread.c:123:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char odispname[MAXNAMEL+1] = { 0 }; /* BT.1886 display profile name */
data/argyll-2.0.1+repack/spectro/fakeread.c:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/spectro/fakeread.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *labfname[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/spectro/fakeread.c:218:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/spectro/fakeread.c:271:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qbits = atoi(na);
data/argyll-2.0.1+repack/spectro/fakeread.c:431:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti3");
data/argyll-2.0.1+repack/spectro/fakeread.c:433:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti1");
data/argyll-2.0.1+repack/spectro/fakeread.c:436:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,"_r");
data/argyll-2.0.1+repack/spectro/fakeread.c:437:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/spectro/fakeread.c:723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/fakeread.c:749:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/fakeread.c:751:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec_n = atoi(ti3->t[0].kdata[ti]);
data/argyll-2.0.1+repack/spectro/fakeread.c:767:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/fakeread.c:1058:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/fakeread.c:1093:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/fakeread.c:1096:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", spec_n);
data/argyll-2.0.1+repack/spectro/fakeread.c:1098:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", spec_wl_short);
data/argyll-2.0.1+repack/spectro/fakeread.c:1100:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", spec_wl_long);
data/argyll-2.0.1+repack/spectro/fakeread.c:1111:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/spectro/fakeread.c:1117:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/hcfr.c:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/hcfr.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[2];
data/argyll-2.0.1+repack/spectro/hcfr.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/hcfr.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[2];
data/argyll-2.0.1+repack/spectro/hcfr.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE], *bp;
data/argyll-2.0.1+repack/spectro/hcfr.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[4];
data/argyll-2.0.1+repack/spectro/hcfr.c:234:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); div = (double)atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:236:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); mul = (double)atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:242:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); den = atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:243:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); den = (den << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:244:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); den = (den << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:245:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); den = (den << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:247:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); num = atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:248:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strncpy(vbuf, bp, 3); num = (num << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:408:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/hidio.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf[DIDD_BUFSIZE];
data/argyll-2.0.1+repack/spectro/hidio.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cp, buf[20];
data/argyll-2.0.1+repack/spectro/hidio.c:213:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, cp + 4, 4);
data/argyll-2.0.1+repack/spectro/hidio.c:223:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, cp + 4, 4);
data/argyll-2.0.1+repack/spectro/hidio.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400];
data/argyll-2.0.1+repack/spectro/hidio.c:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400];
data/argyll-2.0.1+repack/spectro/hidio.c:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400];
data/argyll-2.0.1+repack/spectro/hidio.c:465:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpath[PATH_MAX];
data/argyll-2.0.1+repack/spectro/hidio.c:473:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(dpath, O_RDONLY)) >= 0) {
data/argyll-2.0.1+repack/spectro/hidio.c:612:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((*p->hidd->device)->open(p->hidd->device, kIOHIDOptionsTypeSeizeDevice)
data/argyll-2.0.1+repack/spectro/hidio.c:882:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, p->hidd->rbuf, bread > HID_RBUF_SIZE ? HID_RBUF_SIZE : bread);
data/argyll-2.0.1+repack/spectro/hidio.h:79:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rbuf[HID_RBUF_SIZE]; /* Buffer for read callback */
data/argyll-2.0.1+repack/spectro/huey.c:123:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40]; /* Fallback string */
data/argyll-2.0.1+repack/spectro/huey.c:154:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown %02x",cc);
data/argyll-2.0.1+repack/spectro/huey.c:174:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* 8 bytes to write/read */
data/argyll-2.0.1+repack/spectro/huey.c:306:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/argyll-2.0.1+repack/spectro/huey.c:414:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[8], obuf[8];
data/argyll-2.0.1+repack/spectro/huey.c:481:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/argyll-2.0.1+repack/spectro/huey.c:501:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/argyll-2.0.1+repack/spectro/huey.c:524:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[8];
data/argyll-2.0.1+repack/spectro/huey.c:525:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[8];
data/argyll-2.0.1+repack/spectro/huey.c:560:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/huey.c:561:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/huey.c:600:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/huey.c:601:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/huey.c:753:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/huey.c:754:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/huey.c:808:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[8];
data/argyll-2.0.1+repack/spectro/huey.c:809:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[8];
data/argyll-2.0.1+repack/spectro/huey.c:876:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/argyll-2.0.1+repack/spectro/huey.c:896:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)buf,"huyL");
data/argyll-2.0.1+repack/spectro/huey.c:898:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)buf,"GrMb");
data/argyll-2.0.1+repack/spectro/huey.c:1049:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/argyll-2.0.1+repack/spectro/huey.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unlk_string[5]; /* Unlock string */
data/argyll-2.0.1+repack/spectro/i1d3.c:143:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40]; /* Fallback string */
data/argyll-2.0.1+repack/spectro/i1d3.c:180:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown %04x",cc);
data/argyll-2.0.1+repack/spectro/i1d3.c:416:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:417:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:442:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:443:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:467:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:468:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:490:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:491:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:513:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:514:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:536:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:537:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:559:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:560:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:586:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:587:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:671:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:672:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:698:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:699:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:741:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:742:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:791:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:792:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:842:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:843:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:879:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char todev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:880:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fromdev[64];
data/argyll-2.0.1+repack/spectro/i1d3.c:2578:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/argyll-2.0.1+repack/spectro/i1d3.c:2971:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/i1d3.c:4109:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sc[8], sr[16]; /* Sub-challeng and response */
data/argyll-2.0.1+repack/spectro/i1d3.h:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_no[21]; /* "I1-11.A-01.100999.02" or "CM-11.A-01.100999.02" */
data/argyll-2.0.1+repack/spectro/i1d3.h:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vers_no[11]; /* "A-01", "A-02" */
data/argyll-2.0.1+repack/spectro/i1d3.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prod_name[32]; /* "i1Display3 " or "ColorMunki Display" */
data/argyll-2.0.1+repack/spectro/i1d3.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firm_ver[32]; /* Firmwar version string. ie. "v1.0 " */
data/argyll-2.0.1+repack/spectro/i1d3.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firm_date[32]; /* Firmwar date string. ie. "11Jan11" */
data/argyll-2.0.1+repack/spectro/i1disp.c:154:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* 8 bytes to read */
data/argyll-2.0.1+repack/spectro/i1disp.c:276:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c, buf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:391:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16], obuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:483:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:484:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:516:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp + ooff, obuf + 1, rlen);
data/argyll-2.0.1+repack/spectro/i1disp.c:530:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:552:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:570:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:598:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:599:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:737:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:738:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:795:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ibuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:796:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obuf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:1406:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:1413:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char code[4];
data/argyll-2.0.1+repack/spectro/i1disp.c:1762:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/argyll-2.0.1+repack/spectro/i1disp.c:1818:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[0x200];
data/argyll-2.0.1+repack/spectro/i1disp.c:1837:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[0x200];
data/argyll-2.0.1+repack/spectro/i1disp.c:2020:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/i1disp.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg122_B[5]; /* Unlock string */
data/argyll-2.0.1+repack/spectro/i1disp.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serno[20]; /* Ascii serial number */
data/argyll-2.0.1+repack/spectro/i1pro.c:335:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:591:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(m->sserno,"%ud",m->serno);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:688:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[200] = { '\000' }, *bp = oline;
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:690:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp,"Normal non-lin =");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:692:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %1.10f",m->lin0[i]);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:697:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp,"High Gain non-lin =");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:699:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %1.10f",m->lin1[i]);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:1593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:2486:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d",m->serno);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:2503:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%d",m->serno);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:2567:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(id, "Warning: Transmission light source is too low for accuracy!");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:2570:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(id, "Warning: Transmission light source is low at some wavelengths!");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:3924:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[10];
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[100]; /* Name */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4312:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cal_name, "ArgyllCMS/.i1p_%d.cal", m->serno);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4322:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| (fp = fopen(cal_paths[0], nmode)) == NULL) {
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[10];
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[100]; /* Name */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4436:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cal_name, "ArgyllCMS/.i1p_%d.cal" SSEPS "color/.i1p_%d.cal", m->serno, m->serno);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4457:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(cal_paths[0], nmode)) == NULL) {
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[100]; /* Name */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4759:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cal_name, "ArgyllCMS/.i1p_%d.cal" SSEPS "color/.i1p_%d.cal", m->serno, m->serno);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4966:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("i1pddump.txt", "a")) == NULL)
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:5454:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("i1pdump.txt", "w")) == NULL)
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:5550:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("i1pdump.txt", "r")) == NULL) {
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:5551:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("i1pdump.txt", "w")) == NULL)
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:5560:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("i1pdump.txt", "a")) == NULL) {
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:7055:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:7058:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "i1pro_raw_trimed_%d.csv",filen++);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:7060:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "w")) == NULL)
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11005:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[2]; /* 1 or 2 bytes to write */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11050:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* Write EEprom parameters */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11091:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[100], *bp = oline;
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11094:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %04x:",i);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11095:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",buf[i]);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11120:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* Write EEprom parameters */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[100], *bp = oline;
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11138:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %04x:",i);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11139:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",buf[i]);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11222:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* status bytes read */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11271:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* status bytes read */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11332:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* command bytes written */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11588:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbuf[NSEN_MAX * 2];
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11623:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[100], *bp = oline;
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11626:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %04x:",i);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11627:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",ibuf[i]);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11654:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[1]; /* 1 bytes to write */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11693:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* status bytes read */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11739:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* Result */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11780:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* Result */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11821:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* 8 bytes to write */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11862:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4]; /* Result */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11892:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11923:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16]; /* Result */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11966:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[14]; /* 14 bytes to write */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12051:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4]; /* Result */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12086:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[2]; /* 2 bytes to write */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12140:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[4]; /* Number of bytes being send */
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12867:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[100], *bp = oline;
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12872:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %04x:",i);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12873:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",buf[off + i]);
data/argyll-2.0.1+repack/spectro/i1pro_imp.h:223:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]; /* HW serial number - Rev E */
data/argyll-2.0.1+repack/spectro/i1pro_imp.h:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sserno[14]; /* serial number as string */
data/argyll-2.0.1+repack/spectro/i1pro_imp.h:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/i1pro_imp.h:1055:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]
data/argyll-2.0.1+repack/spectro/icoms.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400], *cp;
data/argyll-2.0.1+repack/spectro/icoms.c:759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[500];
data/argyll-2.0.1+repack/spectro/icoms.c:996:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[3][10005];
data/argyll-2.0.1+repack/spectro/icoms.c:1003:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)buf[ix],"(null)");
data/argyll-2.0.1+repack/spectro/icoms.c:1003:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy((char *)buf[ix],"(null)");
data/argyll-2.0.1+repack/spectro/icoms.c:1004:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (char *)buf[ix];
data/argyll-2.0.1+repack/spectro/icoms.c:1025:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (char *)buf[ix];
data/argyll-2.0.1+repack/spectro/icoms.c:1031:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64 * 3 + 10];
data/argyll-2.0.1+repack/spectro/icoms.c:1041:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(d, " ...");
data/argyll-2.0.1+repack/spectro/icoms_nt.c:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valname[MXKSIZE], *vp;
data/argyll-2.0.1+repack/spectro/icoms_nt.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MXVSIZE];
data/argyll-2.0.1+repack/spectro/icoms_nt.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100]; /* Temporary for COM device path */
data/argyll-2.0.1+repack/spectro/icoms_ux.c:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[200];
data/argyll-2.0.1+repack/spectro/icoms_ux.c:271:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(dpath, O_RDONLY | O_NOCTTY | O_NONBLOCK)) < 0) {
data/argyll-2.0.1+repack/spectro/icoms_ux.c:439:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((p->fd = open(p->spath, O_RDWR | O_NOCTTY )) < 0) {
data/argyll-2.0.1+repack/spectro/illumread.c:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = "\000"; /* Spectral output file name */
data/argyll-2.0.1+repack/spectro/illumread.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAXNAMEL+11] = "\000", *tnp; /* Test mode file names */
data/argyll-2.0.1+repack/spectro/illumread.c:362:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comno = atoi(na);
data/argyll-2.0.1+repack/spectro/illumread.c:410:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/spectro/illumread.c:433:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_i.sp");
data/argyll-2.0.1+repack/spectro/illumread.c:438:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_r.sp");
data/argyll-2.0.1+repack/spectro/illumread.c:443:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_p.sp");
data/argyll-2.0.1+repack/spectro/illumread.c:927:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_i.sp");
data/argyll-2.0.1+repack/spectro/illumread.c:933:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_r.sp");
data/argyll-2.0.1+repack/spectro/illumread.c:945:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_p.sp");
data/argyll-2.0.1+repack/spectro/illumread.c:1134:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_mpir.sp"); // Measured paper under illuminant spectrum
data/argyll-2.0.1+repack/spectro/illumread.c:1136:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tnp, "_cpir.sp"); // Computed paper under illuminant spectrum
data/argyll-2.0.1+repack/spectro/inflate.c:517:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slide + w, slide + d, e);
data/argyll-2.0.1+repack/spectro/inst.c:381:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN]) { /* Condition identifier (ie. white reference ID, filter ID) */
data/argyll-2.0.1+repack/spectro/inst.c:902:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usels[256]; /* Used selectors 1 */
data/argyll-2.0.1+repack/spectro/inst.c:1217:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pp, " (");
data/argyll-2.0.1+repack/spectro/inst.c:1349:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pp, " (");
data/argyll-2.0.1+repack/spectro/inst.c:1421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSZ];
data/argyll-2.0.1+repack/spectro/inst.c:1759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSZ];
data/argyll-2.0.1+repack/spectro/inst.c:1794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSZ];
data/argyll-2.0.1+repack/spectro/inst.c:1849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSZ];
data/argyll-2.0.1+repack/spectro/inst.c:2098:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void inst_mode_to_sym(char sym[MAX_INST_MODE_SYM_SZ], inst_mode mode) {
data/argyll-2.0.1+repack/spectro/inst.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[ICOM_MAX_LOC_LEN]; /* patch location */
data/argyll-2.0.1+repack/spectro/inst.h:293:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void inst_mode_to_sym(char sym[MAX_INST_MODE_SYM_SZ], inst_mode mode);
data/argyll-2.0.1+repack/spectro/inst.h:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sel[INST_DTYPE_SEL_LEN]; /* String of selector character aliases */
data/argyll-2.0.1+repack/spectro/inst.h:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[INST_DTYPE_DESC_LEN]; /* Textural description */
data/argyll-2.0.1+repack/spectro/inst.h:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isel[INST_DTYPE_SEL_LEN]; /* String of potential selector characters */
data/argyll-2.0.1+repack/spectro/inst.h:979:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN]); /* Condition identifier (ie. white */ \
data/argyll-2.0.1+repack/spectro/instappsup.c:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[200]; /* Condition identifier */
data/argyll-2.0.1+repack/spectro/instappsup.c:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200], *bp;
data/argyll-2.0.1+repack/spectro/instappsup.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra[40];
data/argyll-2.0.1+repack/spectro/instappsup.c:499:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(extra, " [");
data/argyll-2.0.1+repack/spectro/instappsup.c:501:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(extra, "Default");
data/argyll-2.0.1+repack/spectro/instappsup.c:506:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra + strlen(extra), "CB%d",sels[j].cbid);
data/argyll-2.0.1+repack/spectro/instappsup.c:580:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5];
data/argyll-2.0.1+repack/spectro/kleink10.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[MAXECHARS+1];
data/argyll-2.0.1+repack/spectro/kleink10.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[10];
data/argyll-2.0.1+repack/spectro/kleink10.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:466:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[100];
data/argyll-2.0.1+repack/spectro/kleink10.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:716:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[3];
data/argyll-2.0.1+repack/spectro/kleink10.c:717:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:843:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[21];
data/argyll-2.0.1+repack/spectro/kleink10.c:875:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((unsigned char *)name)[0] == 0xff) {
data/argyll-2.0.1+repack/spectro/kleink10.c:878:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "Fake_%d",ix);
data/argyll-2.0.1+repack/spectro/kleink10.c:922:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[4] = "JX\r";
data/argyll-2.0.1+repack/spectro/kleink10.c:967:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:1143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xtra[32];
data/argyll-2.0.1+repack/spectro/kleink10.c:1221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:1894:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:1938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:2149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.c:2270:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/kleink10.c:2756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/kleink10.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_no[21]; /* Serial number */
data/argyll-2.0.1+repack/spectro/kleink10.h:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firm_ver[21]; /* Firmware version number */
data/argyll-2.0.1+repack/spectro/madvrwin.c:462:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *options[3];
data/argyll-2.0.1+repack/spectro/madvrwin.c:463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[50];
data/argyll-2.0.1+repack/spectro/madvrwin.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/argyll-2.0.1+repack/spectro/madvrwin.c:545:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"ArgyllCMS Patches");
data/argyll-2.0.1+repack/spectro/mongoose.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:248:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define mg_fopen(x, y) fopen(x, y)
data/argyll-2.0.1+repack/spectro/mongoose.c:373:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *, int)) ssl_sw[11].ptr)
data/argyll-2.0.1+repack/spectro/mongoose.c:375:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *, int)) ssl_sw[12].ptr)
data/argyll-2.0.1+repack/spectro/mongoose.c:381:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(* (int (*)(SSL_CTX *, const char *)) ssl_sw[16].ptr)
data/argyll-2.0.1+repack/spectro/mongoose.c:386:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(* (void (*)(void (*)(int, int, const char *, int))) crypto_sw[1].ptr)
data/argyll-2.0.1+repack/spectro/mongoose.c:390:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ERR_error_string (* (char * (*)(unsigned long,char *)) crypto_sw[4].ptr)
data/argyll-2.0.1+repack/spectro/mongoose.c:390:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define ERR_error_string (* (char * (*)(unsigned long,char *)) crypto_sw[4].ptr)
data/argyll-2.0.1+repack/spectro/mongoose.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *config[NUM_OPTIONS]; // Mongoose configuration parameters
data/argyll-2.0.1+repack/spectro/mongoose.c:619:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MG_BUF_LEN], src_addr[20];
data/argyll-2.0.1+repack/spectro/mongoose.c:939:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:1032:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX], buf2[PATH_MAX], *p;
data/argyll-2.0.1+repack/spectro/mongoose.c:1059:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, (int) wbuf_len);
data/argyll-2.0.1+repack/spectro/mongoose.c:1125:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t woldbuf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1126:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wnewbuf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1136:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[PATH_MAX], wmode[20];
data/argyll-2.0.1+repack/spectro/mongoose.c:1139:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, ARRAY_SIZE(wmode));
data/argyll-2.0.1+repack/spectro/mongoose.c:1146:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1164:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1171:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1185:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wpath[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1197:14: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
(void) wcscat(wpath, L"\\*");
data/argyll-2.0.1+repack/spectro/mongoose.c:1257:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, *interp, full_interp[PATH_MAX], cmdline[PATH_MAX], buf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:1530:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, body, (size_t) buffered_len);
data/argyll-2.0.1+repack/spectro/mongoose.c:1595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mem[MG_BUF_LEN], *buf = mem;
data/argyll-2.0.1+repack/spectro/mongoose.c:1845:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month_str[32];
data/argyll-2.0.1+repack/spectro/mongoose.c:1989:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[64];
data/argyll-2.0.1+repack/spectro/mongoose.c:2123:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, len);
data/argyll-2.0.1+repack/spectro/mongoose.c:2126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, t);
data/argyll-2.0.1+repack/spectro/mongoose.c:2134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/argyll-2.0.1+repack/spectro/mongoose.c:2141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/argyll-2.0.1+repack/spectro/mongoose.c:2144:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void MD5Final(unsigned char digest[16], MD5_CTX *ctx) {
data/argyll-2.0.1+repack/spectro/mongoose.c:2168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, ctx->buf, 16);
data/argyll-2.0.1+repack/spectro/mongoose.c:2186:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mg_md5(char buf[33], ...) {
data/argyll-2.0.1+repack/spectro/mongoose.c:2187:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[16];
data/argyll-2.0.1+repack/spectro/mongoose.c:2208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ha2[32 + 1], expected_response[32 + 1];
data/argyll-2.0.1+repack/spectro/mongoose.c:2236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:2336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], f_user[256], ha1[256], f_domain[256], buf[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:2362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:2423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512], u[512], d[512], ha1[33], tmp[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:2510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[64], mod[64], href[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:2579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:2693:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:2735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[64], lm[64], etag[64], range[64];
data/argyll-2.0.1+repack/spectro/mongoose.c:2942:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char etag[64];
data/argyll-2.0.1+repack/spectro/mongoose.c:2953:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:3018:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CGI_ENVIRONMENT_SIZE]; // Environment buffer
data/argyll-2.0.1+repack/spectro/mongoose.c:3020:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *vars[MAX_CGI_ENVIR_VARS]; // char **envp
data/argyll-2.0.1+repack/spectro/mongoose.c:3066:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, src_addr[20];
data/argyll-2.0.1+repack/spectro/mongoose.c:3172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384], *pbuf, dir[PATH_MAX], *p;
data/argyll-2.0.1+repack/spectro/mongoose.c:3253:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
conn->status_code = atoi(status);
data/argyll-2.0.1+repack/spectro/mongoose.c:3313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:3324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, path, len);
data/argyll-2.0.1+repack/spectro/mongoose.c:3380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[MG_BUF_LEN], path[PATH_MAX], *p;
data/argyll-2.0.1+repack/spectro/mongoose.c:3423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:3439:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:3532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[64];
data/argyll-2.0.1+repack/spectro/mongoose.c:3553:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char href[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:3615:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/argyll-2.0.1+repack/spectro/mongoose.c:3618:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3620:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef union { unsigned char c[64]; uint32_t l[16]; } CHAR64LONG16;
data/argyll-2.0.1+repack/spectro/mongoose.c:3623:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, buffer, 64);
data/argyll-2.0.1+repack/spectro/mongoose.c:3677:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], data, (i = 64-j));
data/argyll-2.0.1+repack/spectro/mongoose.c:3685:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], &data[i], len - i);
data/argyll-2.0.1+repack/spectro/mongoose.c:3688:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SHA1Final(unsigned char digest[20], SHA1_CTX* context) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3690:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char finalcount[8], c;
data/argyll-2.0.1+repack/spectro/mongoose.c:3739:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], sha[20], b64_sha[sizeof(sha) * 2];
data/argyll-2.0.1+repack/spectro/mongoose.c:3885:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/argyll-2.0.1+repack/spectro/mongoose.c:4097:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szHostName[255];
data/argyll-2.0.1+repack/spectro/mongoose.c:4100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/mongoose.c:4118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf[INET_ADDRSTRLEN] = "";
data/argyll-2.0.1+repack/spectro/mongoose.c:4120:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf6[INET6_ADDRSTRLEN] = "";
data/argyll-2.0.1+repack/spectro/mongoose.c:4122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/mongoose.c:4180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[64], src_addr[20];
data/argyll-2.0.1+repack/spectro/mongoose.c:4418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:4504:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[1025], proto[10], buf2[MG_BUF_LEN];
data/argyll-2.0.1+repack/spectro/mongoose.c:4526:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((fp = fopen(path, "w+b")) == NULL) {
data/argyll-2.0.1+repack/spectro/mongoose.c:4674:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&conn->request_info.remote_ip,
data/argyll-2.0.1+repack/spectro/mongoose.c:4724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[20];
data/argyll-2.0.1+repack/spectro/mongoose.c:4943:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
for (i = 0; i < atoi(ctx->config[NUM_THREADS]); i++) {
data/argyll-2.0.1+repack/spectro/mongoose.h:313:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void mg_md5(char buf[33], ...);
data/argyll-2.0.1+repack/spectro/munki.c:382:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/munki_imp.c:440:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val = ((signed char *)buf)[3];
data/argyll-2.0.1+repack/spectro/munki_imp.c:460:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val = ((signed char *)buf)[1];
data/argyll-2.0.1+repack/spectro/munki_imp.c:480:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/argyll-2.0.1+repack/spectro/munki_imp.c:550:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eeprom[1024];
data/argyll-2.0.1+repack/spectro/munki_imp.c:981:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/munki_imp.c:1736:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(id, "Warning: Transmission light source is too low for accuracy!");
data/argyll-2.0.1+repack/spectro/munki_imp.c:1739:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(id, "Warning: Transmission light source is low at some wavelengths!");
data/argyll-2.0.1+repack/spectro/munki_imp.c:3169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[10];
data/argyll-2.0.1+repack/spectro/munki_imp.c:3170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[100]; /* Name */
data/argyll-2.0.1+repack/spectro/munki_imp.c:3196:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| (fp = fopen(cal_paths[0], nmode)) == NULL) {
data/argyll-2.0.1+repack/spectro/munki_imp.c:3288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[10];
data/argyll-2.0.1+repack/spectro/munki_imp.c:3289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[100]; /* Name */
data/argyll-2.0.1+repack/spectro/munki_imp.c:3296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serno[17];
data/argyll-2.0.1+repack/spectro/munki_imp.c:3324:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(cal_paths[0], nmode)) == NULL) {
data/argyll-2.0.1+repack/spectro/munki_imp.c:3616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[100]; /* Name */
data/argyll-2.0.1+repack/spectro/munki_imp.c:3760:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("mkddump.txt", "a")) == NULL)
data/argyll-2.0.1+repack/spectro/munki_imp.c:4297:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("mkdump.txt", "w")) == NULL)
data/argyll-2.0.1+repack/spectro/munki_imp.c:4498:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("mkdump.txt", "r")) == NULL) {
data/argyll-2.0.1+repack/spectro/munki_imp.c:4499:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("mkdump.txt", "w")) == NULL)
data/argyll-2.0.1+repack/spectro/munki_imp.c:4508:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("mkdump.txt", "a")) == NULL)
data/argyll-2.0.1+repack/spectro/munki_imp.c:8361:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* Write EEprom parameters */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8394:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[100] = { '\000' }, *bp = oline;
data/argyll-2.0.1+repack/spectro/munki_imp.c:8397:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %04x:",i);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8398:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",buf[i]);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8425:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[24]; /* status bytes read */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8468:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]
data/argyll-2.0.1+repack/spectro/munki_imp.c:8493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstring[37]
data/argyll-2.0.1+repack/spectro/munki_imp.c:8525:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[16]; /* values read */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8568:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[2]; /* status bytes read */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sb1[50], sb2[50];
data/argyll-2.0.1+repack/spectro/munki_imp.c:8590:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sb1, "Projector");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8592:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sb1, "Surface");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8594:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sb1, "Calibration");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8596:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sb1, "Ambient");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8598:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sb1,"Unknown 0x%x",_spos);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8600:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sb2, "Released");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8602:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sb2, "Pressed");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8604:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sb2,"Unknown 0x%x",_but);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8628:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[20]; /* command bytes written */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8664:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[12]; /* command bytes written */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8830:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbuf[NSEN_MAX * 2];
data/argyll-2.0.1+repack/spectro/munki_imp.c:8854:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[100] = { '\000' }, *bp = oline;
data/argyll-2.0.1+repack/spectro/munki_imp.c:8857:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %04x:",i);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8858:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %02x",ibuf[i]);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8880:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* 8 bytes to write */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8910:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* Result */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8939:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[100];
data/argyll-2.0.1+repack/spectro/munki_imp.c:8941:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "None");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8943:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "Button press");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8945:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "Button release");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8947:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "Sensor position change");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8949:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sbuf,"Unknown 0x%x",_ecode);
data/argyll-2.0.1+repack/spectro/munki_imp.c:8970:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* Result */
data/argyll-2.0.1+repack/spectro/munki_imp.c:8999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[100];
data/argyll-2.0.1+repack/spectro/munki_imp.c:9001:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "None");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9003:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "Button press");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9005:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "Button release");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9007:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sbuf, "Sensor position change");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9009:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sbuf,"Unknown 0x%x",_ecode);
data/argyll-2.0.1+repack/spectro/munki_imp.c:9118:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]; /* Calibration chip id */
data/argyll-2.0.1+repack/spectro/munki_imp.c:9261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[200] = { '\000' }, *bp = oline;
data/argyll-2.0.1+repack/spectro/munki_imp.c:9263:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp,"Normal non-lin =");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9265:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %1.10f",m->lin0[i]);
data/argyll-2.0.1+repack/spectro/munki_imp.c:9270:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp,"High Gain non-lin =");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9272:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
bp += sprintf(bp," %1.10f",m->lin1[i]);
data/argyll-2.0.1+repack/spectro/munki_imp.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[1]; /* to change structure size to invalidate cal file */
data/argyll-2.0.1+repack/spectro/munki_imp.h:191:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]; /* HW serial number */
data/argyll-2.0.1+repack/spectro/munki_imp.h:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstring[37]; /* Asciiz version string */
data/argyll-2.0.1+repack/spectro/munki_imp.h:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serno[17]; /* serial number string */
data/argyll-2.0.1+repack/spectro/munki_imp.h:426:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[100] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/munki_imp.h:881:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chipid[8]
data/argyll-2.0.1+repack/spectro/munki_imp.h:888:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstring[37]
data/argyll-2.0.1+repack/spectro/oemarch.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[MAXNAMEL+1 + 100];
data/argyll-2.0.1+repack/spectro/oemarch.c:540:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/argyll-2.0.1+repack/spectro/oemarch.c:541:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol_name[MAXNAMEL+1] = { '\000' };
data/argyll-2.0.1+repack/spectro/oemarch.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive[50];
data/argyll-2.0.1+repack/spectro/oemarch.c:580:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAXNAMEL+1] = { '\000' };
data/argyll-2.0.1+repack/spectro/oemarch.c:588:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tname, "_ISO");
data/argyll-2.0.1+repack/spectro/oemarch.c:604:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[MAXNAMEL+1 + 100];
data/argyll-2.0.1+repack/spectro/oemarch.c:621:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tname, "_ISO");
data/argyll-2.0.1+repack/spectro/oemarch.c:705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000], *ap;
data/argyll-2.0.1+repack/spectro/oemarch.c:742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[1000], *pf, *ap;
data/argyll-2.0.1+repack/spectro/oemarch.c:755:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tname, "C:/Program Files");
data/argyll-2.0.1+repack/spectro/oemarch.c:865:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(xf->name,"rb")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:867:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(xf->name,"r")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:940:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname,"wb")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:942:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname,"w")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:1264:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic1[4] = { 0xff, 0x94, 0xCB, 0x02 };
data/argyll-2.0.1+repack/spectro/oemarch.c:1265:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic2[4] = { 0xff, 0x04, 0xb0, 0x0a };
data/argyll-2.0.1+repack/spectro/oemarch.c:1325:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xf->buf, firmware, firmwaresize);
data/argyll-2.0.1+repack/spectro/oemarch.c:1341:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal2vals[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x3f };
data/argyll-2.0.1+repack/spectro/oemarch.c:1362:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal2vals[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x3f };
data/argyll-2.0.1+repack/spectro/oemarch.c:1363:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cal2evals[7] = { '3', '3', '3', '7', '1', '0', '-' };
data/argyll-2.0.1+repack/spectro/oemarch.c:1427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xf->buf, caldata, rfsize);
data/argyll-2.0.1+repack/spectro/oemarch.c:1478:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ccssname + strlen(ccssname) -4, ".ccss");
data/argyll-2.0.1+repack/spectro/oemarch.c:1568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char creatdate[30];
data/argyll-2.0.1+repack/spectro/oemarch.c:1569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dispdesc[256];
data/argyll-2.0.1+repack/spectro/oemarch.c:1933:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name,"rb")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:1935:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name,"r")) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:2795:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[9] = { '\000' };
data/argyll-2.0.1+repack/spectro/oemarch.c:3021:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[95];
data/argyll-2.0.1+repack/spectro/oemarch.c:3116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[95], *cp;
data/argyll-2.0.1+repack/spectro/oeminst.c:95:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/spectro/oeminst.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAXNAMEL+1] = { '\000' };
data/argyll-2.0.1+repack/spectro/oeminst.c:161:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp, "/ref/*.ccss");
data/argyll-2.0.1+repack/spectro/rspec.c:907:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nmode[10];
data/argyll-2.0.1+repack/spectro/rspec.c:908:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[200];
data/argyll-2.0.1+repack/spectro/rspec.c:953:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
|| (x->fp = fopen(cal_paths[0], nmode)) == NULL) {
data/argyll-2.0.1+repack/spectro/rspec.c:968:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cal_name[200];
data/argyll-2.0.1+repack/spectro/smcube.c:203:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[100];
data/argyll-2.0.1+repack/spectro/smcube.c:618:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/smcube.c:1180:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1215:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1262:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1309:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1368:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1414:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1457:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1516:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1565:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:1613:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/smcube.c:2032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100]; /* Name */
data/argyll-2.0.1+repack/spectro/smcube.c:2090:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100]; /* Name */
data/argyll-2.0.1+repack/spectro/smcube.c:2191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100]; /* Name */
data/argyll-2.0.1+repack/spectro/spec2cie.c:664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/spec2cie.c:681:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi (icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/spectro/spec2cie.c:702:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "SPEC_%03d", nm);
data/argyll-2.0.1+repack/spectro/spec2cie.c:778:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50] = { '\000' }, *cp;
data/argyll-2.0.1+repack/spectro/spec2cie.c:794:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "LAB");
data/argyll-2.0.1+repack/spectro/spec2cie.c:956:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/spec2cie.c:958:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", ill_wp[0], ill_wp[1], ill_wp[2]);
data/argyll-2.0.1+repack/spectro/specbos.c:155:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/spectro/specbos.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:541:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[100];
data/argyll-2.0.1+repack/spectro/specbos.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:615:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:maxtint %d\r", maxtint);
data/argyll-2.0.1+repack/spectro/specbos.c:622:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:maxaver %d\r", maxaver);
data/argyll-2.0.1+repack/spectro/specbos.c:643:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:maxtint %d\r", maxtint);
data/argyll-2.0.1+repack/spectro/specbos.c:662:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:maxaver %d\r", maxaver);
data/argyll-2.0.1+repack/spectro/specbos.c:690:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*conf:maxtin %d\r", maxtin);
data/argyll-2.0.1+repack/spectro/specbos.c:708:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:splitt %d\r", 1000);
data/argyll-2.0.1+repack/spectro/specbos.c:763:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:wran %d %d 1\r", (int)(p->wl_short+0.5), (int)(p->wl_long+0.5));
data/argyll-2.0.1+repack/spectro/specbos.c:816:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*conf:wran %d %d 1\r", (int)(p->wl_short+0.5), (int)(p->wl_long+0.5));
data/argyll-2.0.1+repack/spectro/specbos.c:892:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[100];
data/argyll-2.0.1+repack/spectro/specbos.c:939:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:946:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*para:aver %d\r", nav);
data/argyll-2.0.1+repack/spectro/specbos.c:953:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*conf:aver %d\r", nav);
data/argyll-2.0.1+repack/spectro/specbos.c:962:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*conf:darkm %d\r", nav == 1 ? 0 : 1);
data/argyll-2.0.1+repack/spectro/specbos.c:982:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_RD_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:1120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[100];
data/argyll-2.0.1+repack/spectro/specbos.c:1134:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes, "*conf:wran %d %d 1\r", (int)(p->wl_short+0.5), (int)(p->wl_long+0.5));
data/argyll-2.0.1+repack/spectro/specbos.c:1460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:1468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mes[100];
data/argyll-2.0.1+repack/spectro/specbos.c:1479:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes,"*para:syncfreq %f\r",1.0/p->refperiod);
data/argyll-2.0.1+repack/spectro/specbos.c:1484:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mes,"*conf:cyctim %f\r",p->refperiod * 1e6);
data/argyll-2.0.1+repack/spectro/specbos.c:1513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE], *cp;
data/argyll-2.0.1+repack/spectro/specbos.c:1572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/specbos.c:1679:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/specbos.c:2436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MES_SIZE];
data/argyll-2.0.1+repack/spectro/spotread.c:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf [200];
data/argyll-2.0.1+repack/spectro/spotread.c:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = "\000"; /* Output logfile name */
data/argyll-2.0.1+repack/spectro/spotread.c:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccxxname[MAXNAMEL+1] = "\000"; /* Colorimeter Correction/Colorimeter Calibration name */
data/argyll-2.0.1+repack/spectro/spotread.c:414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filtername[MAXNAMEL+1] = "\000"; /* Filter compensation */
data/argyll-2.0.1+repack/spectro/spotread.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wtilename[MAXNAMEL+1] = "\000"; /* White file spectrum */
data/argyll-2.0.1+repack/spectro/spotread.c:416:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psetrefname[MAXNAMEL+1] = "\000"; /* Preset reference spectrum */
data/argyll-2.0.1+repack/spectro/spotread.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char labwpname[100] = "D50"; /* Name of Lab conversion wp */
data/argyll-2.0.1+repack/spectro/spotread.c:498:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
debug = atoi(na);
data/argyll-2.0.1+repack/spectro/spotread.c:522:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comport = atoi(na);
data/argyll-2.0.1+repack/spectro/spotread.c:803:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
docalib = atoi(na);
data/argyll-2.0.1+repack/spectro/spotread.c:903:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(outname, "w")) == NULL)
data/argyll-2.0.1+repack/spectro/spotread.c:2140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/argyll-2.0.1+repack/spectro/spyd2.c:295:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[8]; /* status bytes read */
data/argyll-2.0.1+repack/spectro/spyd2.c:452:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* return bytes read */
data/argyll-2.0.1+repack/spectro/spyd2.c:538:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1[8]; /* send bytes */
data/argyll-2.0.1+repack/spectro/spyd2.c:539:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2[8]; /* return bytes read */
data/argyll-2.0.1+repack/spectro/spyd2.c:647:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf1[8]; /* send bytes */
data/argyll-2.0.1+repack/spectro/spyd2.c:648:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf2[9 * 8]; /* return bytes read */
data/argyll-2.0.1+repack/spectro/spyd2.c:1107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[1]; /* Timing value read */
data/argyll-2.0.1+repack/spectro/spyd2.c:1147:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[2]; /* Channel value read */
data/argyll-2.0.1+repack/spectro/spyd2.c:1189:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[1]; /* Config value read */
data/argyll-2.0.1+repack/spectro/spyd2.c:1273:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pbuf[2]; /* Temp value read */
data/argyll-2.0.1+repack/spectro/spyd2.c:1349:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/argyll-2.0.1+repack/spectro/spyd2.c:1367:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/argyll-2.0.1+repack/spectro/spyd2.c:1385:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/argyll-2.0.1+repack/spectro/spyd2.c:1448:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024], *bp;
data/argyll-2.0.1+repack/spectro/spyd2.c:1485:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3 * 9 * 4], *bp;
data/argyll-2.0.1+repack/spectro/spyd2.c:1522:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[7 * 41 * 2], *bp;
data/argyll-2.0.1+repack/spectro/spyd2.c:1549:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[7 * 41 * 2], *bp;
data/argyll-2.0.1+repack/spectro/spyd2.c:2436:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/argyll-2.0.1+repack/spectro/spyd2.c:2669:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *spyder_pld_bytes[2] = { NULL, NULL }; /* Bytes to download */
data/argyll-2.0.1+repack/spectro/spyd2.c:2762:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(bin_paths[0],"rb")) == NULL)
data/argyll-2.0.1+repack/spectro/spyd2.c:2764:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(bin_paths[0],"r")) == NULL)
data/argyll-2.0.1+repack/spectro/spyd2.c:2982:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8]; /* return bytes read */
data/argyll-2.0.1+repack/spectro/spyd2.c:3262:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/spyd2.c:4179:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(bin_paths[0],"rb")) == NULL)
data/argyll-2.0.1+repack/spectro/spyd2.c:4181:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(bin_paths[0],"r")) == NULL)
data/argyll-2.0.1+repack/spectro/spyd2.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serno[9]; /* 8:8xB Serial number as zero terminated string */
data/argyll-2.0.1+repack/spectro/ss.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devn[19];
data/argyll-2.0.1+repack/spectro/ss.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devn[19];
data/argyll-2.0.1+repack/spectro/ss.c:474:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[19]; /* Device name */
data/argyll-2.0.1+repack/spectro/ss.c:476:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pn[9]; /* Part number */
data/argyll-2.0.1+repack/spectro/ss.c:480:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv[13]; /* Software version */
data/argyll-2.0.1+repack/spectro/ss.c:508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[19]; /* device name */
data/argyll-2.0.1+repack/spectro/ss.c:510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pn[9]; /* part number */
data/argyll-2.0.1+repack/spectro/ss.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv[13]; /* software release */
data/argyll-2.0.1+repack/spectro/ss.c:516:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devn[19];
data/argyll-2.0.1+repack/spectro/ss.c:703:111: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static inst_code ss_calibrate_imp(ss *p, inst_cal_type *calt, inst_cal_cond *calc, inst_calc_id_type *idtype, char id[CALIDLEN]);
data/argyll-2.0.1+repack/spectro/ss.c:787:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN];
data/argyll-2.0.1+repack/spectro/ss.c:1013:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN];
data/argyll-2.0.1+repack/spectro/ss.c:1418:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/ss.c:1623:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(id, "Warning: Transmission light source is low at some wavelengths!");
data/argyll-2.0.1+repack/spectro/ss.c:1677:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[CALIDLEN] /* Condition identifier (ie. white reference ID) */
data/argyll-2.0.1+repack/spectro/ss.c:2117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtn[19];
data/argyll-2.0.1+repack/spectro/ss.h:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _sbuf[SS_MAX_WR_SIZE]; /* Buffer allocation */
data/argyll-2.0.1+repack/spectro/ss.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _rbuf[SS_MAX_RD_SIZE]; /* Buffer allocation */
data/argyll-2.0.1+repack/spectro/ss_imp.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b2h[16] = {
data/argyll-2.0.1+repack/spectro/ss_imp.c:629:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[19], /* Return the device name */
data/argyll-2.0.1+repack/spectro/ss_imp.c:631:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pn[9], /* Return the part number */
data/argyll-2.0.1+repack/spectro/ss_imp.c:633:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv[13] /* Return software version */
data/argyll-2.0.1+repack/spectro/ss_imp.c:635:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rsv[17]; /* Space for reserved field */
data/argyll-2.0.1+repack/spectro/ss_imp.c:652:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[19], /* Return Device Name */
data/argyll-2.0.1+repack/spectro/ss_imp.c:877:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtn[19] /* Return name of data table */
data/argyll-2.0.1+repack/spectro/ss_imp.c:900:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtn[19] /* Name for data table */
data/argyll-2.0.1+repack/spectro/ss_imp.c:1387:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[19] /* Return Device Type ("SpectroScan", "SpectroScan " or "SpectroScanT") */
data/argyll-2.0.1+repack/spectro/ss_imp.c:1397:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dt,"SpectroScanT");
data/argyll-2.0.1+repack/spectro/ss_imp.c:1418:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pn[9] /* Return Part Number */
data/argyll-2.0.1+repack/spectro/ss_imp.c:1448:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv[13] /* Return Software Version */
data/argyll-2.0.1+repack/spectro/ss_imp.h:815:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[19], /* Return the device name */
data/argyll-2.0.1+repack/spectro/ss_imp.h:817:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pn[9], /* Return the part number */
data/argyll-2.0.1+repack/spectro/ss_imp.h:819:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv[13] /* Return software version */
data/argyll-2.0.1+repack/spectro/ss_imp.h:825:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dn[19], /* Return Device Name */
data/argyll-2.0.1+repack/spectro/ss_imp.h:920:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtn[19] /* Return name of data table */
data/argyll-2.0.1+repack/spectro/ss_imp.h:929:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtn[19] /* Name for data table */
data/argyll-2.0.1+repack/spectro/ss_imp.h:1120:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dt[19] /* Return Device Type ("SpectroScan " or "SpectroScanT") */
data/argyll-2.0.1+repack/spectro/ss_imp.h:1132:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pn[9] /* Return Part Number */
data/argyll-2.0.1+repack/spectro/ss_imp.h:1146:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv[13] /* Return Software Version */
data/argyll-2.0.1+repack/spectro/synthcal.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[MAXNAMEL+1] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/spectro/synthcal.c:129:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
calres = atoi(na);
data/argyll-2.0.1+repack/spectro/synthcal.c:153:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/synthcal.c:165:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ix = atoi(na);
data/argyll-2.0.1+repack/spectro/synthcal.c:263:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".cal");
data/argyll-2.0.1+repack/spectro/synthcal.c:301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/spectro/synthread.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sepname[500] = { 0 }; /* ICC separation profile */
data/argyll-2.0.1+repack/spectro/synthread.c:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[500] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/spectro/synthread.c:138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[500] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/spectro/synthread.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/spectro/synthread.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *labfname[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/spectro/synthread.c:318:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti1");
data/argyll-2.0.1+repack/spectro/synthread.c:320:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti3");
data/argyll-2.0.1+repack/spectro/synthread.c:522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/synthread.c:543:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:107:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(g.gl_pathv[i], O_RDONLY)) < 0)
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400], *cp;
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:251:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8+IUSB_DESC_TYPE_DEVICE_SIZE];
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:266:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1] = { 0 };
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:688:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + IUSB_REQ_HEADER_SIZE, bytes, size);
data/argyll-2.0.1+repack/spectro/usbio_bsd.c:695:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, buf + IUSB_REQ_HEADER_SIZE, size);
data/argyll-2.0.1+repack/spectro/usbio_lx.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[IUSB_DESC_TYPE_DEVICE_SIZE];
data/argyll-2.0.1+repack/spectro/usbio_lx.c:96:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(dpath, O_RDONLY)) < 0) {
data/argyll-2.0.1+repack/spectro/usbio_lx.c:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, buf, 4); /* First 4 bytes read */
data/argyll-2.0.1+repack/spectro/usbio_lx.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400];
data/argyll-2.0.1+repack/spectro/usbio_lx.c:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *paths[3] = { "/dev/bus/usb", /* current, from udev */
data/argyll-2.0.1+repack/spectro/usbio_lx.c:281:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path1[PATH_MAX];
data/argyll-2.0.1+repack/spectro/usbio_lx.c:282:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path2[PATH_MAX];
data/argyll-2.0.1+repack/spectro/usbio_lx.c:307:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path2[PATH_MAX];
data/argyll-2.0.1+repack/spectro/usbio_lx.c:384:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8+IUSB_DESC_TYPE_DEVICE_SIZE];
data/argyll-2.0.1+repack/spectro/usbio_lx.c:402:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1] = { 0 };
data/argyll-2.0.1+repack/spectro/usbio_lx.c:468:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rv = p->usbd->fd = open(p->usbd->dpath, O_RDWR)) < 0) {
data/argyll-2.0.1+repack/spectro/usbio_lx.c:1024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + IUSB_REQ_HEADER_SIZE, bytes, size);
data/argyll-2.0.1+repack/spectro/usbio_lx.c:1031:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, buf + IUSB_REQ_HEADER_SIZE, size);
data/argyll-2.0.1+repack/spectro/usbio_nt.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpath[LIBUSBW1_PATH_MAX];
data/argyll-2.0.1+repack/spectro/usbio_nt.c:121:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[IUSB_DESC_TYPE_DEVICE_SIZE];
data/argyll-2.0.1+repack/spectro/usbio_nt.c:315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400];
data/argyll-2.0.1+repack/spectro/usbio_nt.c:803:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf, &req, sizeof(libusb_request));
data/argyll-2.0.1+repack/spectro/usbio_nt.c:804:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(obuf + sizeof(libusb_request), bytes, size);
data/argyll-2.0.1+repack/spectro/usbio_nt.c:902:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1] = { 0xff };
data/argyll-2.0.1+repack/spectro/usbio_ox.c:157:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[400];
data/argyll-2.0.1+repack/spectro/vtpglut.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSZ];
data/argyll-2.0.1+repack/spectro/webwin.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src_addr[20];
data/argyll-2.0.1+repack/spectro/webwin.c:329:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *options[3];
data/argyll-2.0.1+repack/spectro/webwin.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[50];
data/argyll-2.0.1+repack/spectro/webwin.c:385:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port,"%d", webdisp);
data/argyll-2.0.1+repack/spectro/webwin.c:396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], *url;
data/argyll-2.0.1+repack/spectro/xdg_bds.c:751:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uid = atoi(uids);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:752:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gid = atoi(gids);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:901:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name,"w")) == NULL)
data/argyll-2.0.1+repack/spectro/xdg_bds.c:915:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(name,"r")) == NULL)
data/argyll-2.0.1+repack/spectro/xdg_bds.c:968:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1039:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *defv[2]; /* Default variables needed for user & local tests on read */
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *envn[10]; /* Environment variable name to set */
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1045:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[200], buf2[200];
data/argyll-2.0.1+repack/spectro/xdg_bds.c:1091:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1, "xdgtest%d",i);
data/argyll-2.0.1+repack/target/alphix.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *v, *tb, _tb[11];
data/argyll-2.0.1+repack/target/alphix.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *v, *tb, _tb[11];
data/argyll-2.0.1+repack/target/filmtarg.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[5]; /* Location ID string */
data/argyll-2.0.1+repack/target/filmtarg.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slab[6]; /* Strip label */
data/argyll-2.0.1+repack/target/filmtarg.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[200]; /* File name */
data/argyll-2.0.1+repack/target/filmtarg.c:100:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(slab, "P%04d",i+1);
data/argyll-2.0.1+repack/target/filmtarg.c:207:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[200] = { 0 }; /* Input cgats file base name */
data/argyll-2.0.1+repack/target/filmtarg.c:208:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[200] = { 0 }; /* Output cgats file base name */
data/argyll-2.0.1+repack/target/filmtarg.c:209:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tiffname[200] = { 0 }; /* Output postscrip file base name */
data/argyll-2.0.1+repack/target/filmtarg.c:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100]; /* general sprintf buffer */
data/argyll-2.0.1+repack/target/filmtarg.c:289:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti1");
data/argyll-2.0.1+repack/target/filmtarg.c:291:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti2");
data/argyll-2.0.1+repack/target/filmtarg.c:371:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%6.4f", gamma);
data/argyll-2.0.1+repack/target/filmtarg.c:393:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",rstart);
data/argyll-2.0.1+repack/target/ifarp.c:852:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(argv[1]);
data/argyll-2.0.1+repack/target/ofps.c:621:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][200];
data/argyll-2.0.1+repack/target/ofps.c:630:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "0x"); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:634:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%08x", sm->m[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:636:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%x", sm->m[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8539:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(argv[1]);
data/argyll-2.0.1+repack/target/ofps.c:8542:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntostop = atoi(argv[2]);
data/argyll-2.0.1+repack/target/ofps.c:8545:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nopstop = atoi(argv[3]);
data/argyll-2.0.1+repack/target/ofps.c:8587:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][200];
data/argyll-2.0.1+repack/target/ofps.c:8599:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%d", co[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8606:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][200];
data/argyll-2.0.1+repack/target/ofps.c:8622:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%f", val); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8629:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][200];
data/argyll-2.0.1+repack/target/ofps.c:8641:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "%d", n[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8648:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5][200];
data/argyll-2.0.1+repack/target/ofps.c:8660:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp,"%f",eperr);
data/argyll-2.0.1+repack/target/ofps.c:8764:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ntext[i],"%d",p->ix);
data/argyll-2.0.1+repack/target/ofps.c:8843:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"%d",mp->no);
data/argyll-2.0.1+repack/target/ofps.c:8891:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"%d",vx->no);
data/argyll-2.0.1+repack/target/ofps.c:8896:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"%d:Big",vx->no);
data/argyll-2.0.1+repack/target/ofps.c:8898:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"%d:%d",vx->no,(int)(vx->eserr + 0.5));
data/argyll-2.0.1+repack/target/ofps.c:8903:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"Big");
data/argyll-2.0.1+repack/target/ofps.c:8905:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"%d",(int)(vx->eserr + 0.5));
data/argyll-2.0.1+repack/target/ofps.c:8919:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mtext[n3],"%d",(int)(vx->eserr + 0.5));
data/argyll-2.0.1+repack/target/ofps.c:8933:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pa[WIDTH * 3];
data/argyll-2.0.1+repack/target/ofps.c:9898:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("bad.log","w")) == NULL)
data/argyll-2.0.1+repack/target/ofps.c:9902:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen("bad.log","a")) == NULL)
data/argyll-2.0.1+repack/target/ofps.c:10023:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3], /* Color */
data/argyll-2.0.1+repack/target/ofps.c:10131:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *base, *pa, col[2][3];
data/argyll-2.0.1+repack/target/ppoint.c:941:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(argv[1]);
data/argyll-2.0.1+repack/target/printtarg.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[10]; /* Location ID string */
data/argyll-2.0.1+repack/target/printtarg.c:568:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((s->of = fopen(fname,"w")) == NULL) {
data/argyll-2.0.1+repack/target/printtarg.c:1774:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psname[MAXNAMEL+20]; /* Name of output file */
data/argyll-2.0.1+repack/target/printtarg.c:2824:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chtname[MAXNAMEL+20]; /* Name of .cht file */
data/argyll-2.0.1+repack/target/printtarg.c:2975:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inname[MAXNAMEL+20] = { 0 }; /* Input cgats file name */
data/argyll-2.0.1+repack/target/printtarg.c:2976:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char calname[MAXNAMEL+1] = { 0 }; /* Input printer calibration */
data/argyll-2.0.1+repack/target/printtarg.c:2977:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char psname[MAXNAMEL+1] = { 0 }; /* Output postscrip file base name */
data/argyll-2.0.1+repack/target/printtarg.c:2978:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outname[MAXNAMEL+20] = { 0 }; /* Output cgats file name */
data/argyll-2.0.1+repack/target/printtarg.c:2987:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[400]; /* Space for chart label */
data/argyll-2.0.1+repack/target/printtarg.c:3008:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bp, buf[500]; /* general sprintf buffer */
data/argyll-2.0.1+repack/target/printtarg.c:3108:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rstart = atoi(na);
data/argyll-2.0.1+repack/target/printtarg.c:3227:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qbits = atoi(na);
data/argyll-2.0.1+repack/target/printtarg.c:3335:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(inname,".ti1");
data/argyll-2.0.1+repack/target/printtarg.c:3336:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outname,".ti2");
data/argyll-2.0.1+repack/target/printtarg.c:3449:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/target/printtarg.c:3464:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/target/printtarg.c:3501:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cols[i].loc, "???");
data/argyll-2.0.1+repack/target/printtarg.c:3530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/target/printtarg.c:3540:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/target/printtarg.c:3574:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cols[i].loc, "???");
data/argyll-2.0.1+repack/target/printtarg.c:3592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/target/printtarg.c:3601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/target/printtarg.c:3635:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cols[i].loc, "???");
data/argyll-2.0.1+repack/target/printtarg.c:3649:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1fx%.1f",pap->w, pap->h);
data/argyll-2.0.1+repack/target/printtarg.c:3653:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1fx%.1f",cwidth, cheight);
data/argyll-2.0.1+repack/target/printtarg.c:3664:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",rstart);
data/argyll-2.0.1+repack/target/printtarg.c:3693:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f",plen);
data/argyll-2.0.1+repack/target/printtarg.c:3695:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f",glen);
data/argyll-2.0.1+repack/target/printtarg.c:3698:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f",tlen);
data/argyll-2.0.1+repack/target/printtarg.c:3703:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",sip);
data/argyll-2.0.1+repack/target/printtarg.c:3798:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[20]; /* ID string, Zero length if a diagnostic rectangle */
data/argyll-2.0.1+repack/target/printtarg.c:4067:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep0b, ep0, sizeof(hedge));
data/argyll-2.0.1+repack/target/printtarg.c:4071:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep1b, ep1, sizeof(hedge));
data/argyll-2.0.1+repack/target/printtarg.c:4108:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep0b, ep0, sizeof(hedge));
data/argyll-2.0.1+repack/target/printtarg.c:4112:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ep0c, ep0, sizeof(hedge));
data/argyll-2.0.1+repack/target/printtarg.c:4329:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((of = fopen(fname,"w")) == NULL)
data/argyll-2.0.1+repack/target/randix.c:123:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(argv[1]);
data/argyll-2.0.1+repack/target/simdlat.c:900:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(argv[1]);
data/argyll-2.0.1+repack/target/simplat.c:932:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npoints = atoi(argv[1]);
data/argyll-2.0.1+repack/target/targen.c:967:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fname[MAXNAMEL+1] = { 0 }; /* Output file base name */
data/argyll-2.0.1+repack/target/targen.c:968:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pname[MAXNAMEL+1] = { 0 }; /* Device profile name */
data/argyll-2.0.1+repack/target/targen.c:969:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wdname[MAXNAMEL+1] = { 0 }; /* Device diagnostic .wrl/.x3d name */
data/argyll-2.0.1+repack/target/targen.c:970:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char wlname[MAXNAMEL+1] = { 0 }; /* Lab diagnostic .wrl/.x3d name */
data/argyll-2.0.1+repack/target/targen.c:971:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500]; /* Genaral use text buffer */
data/argyll-2.0.1+repack/target/targen.c:1018:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verb = atoi(na);
data/argyll-2.0.1+repack/target/targen.c:1027:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(na);
data/argyll-2.0.1+repack/target/targen.c:1038:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(na);
data/argyll-2.0.1+repack/target/targen.c:1056:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0)
data/argyll-2.0.1+repack/target/targen.c:1064:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0)
data/argyll-2.0.1+repack/target/targen.c:1072:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0)
data/argyll-2.0.1+repack/target/targen.c:1080:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0)
data/argyll-2.0.1+repack/target/targen.c:1088:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0) {
data/argyll-2.0.1+repack/target/targen.c:1099:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0) {
data/argyll-2.0.1+repack/target/targen.c:1110:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((tt = atoi(na)) >= 0)
data/argyll-2.0.1+repack/target/targen.c:1275:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname,".ti1");
data/argyll-2.0.1+repack/target/targen.c:1409:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f %f %f", 100.0 * XYZ[0], 100.0 * XYZ[1], 100.0 * XYZ[2]);
data/argyll-2.0.1+repack/target/targen.c:1420:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_ilimit[20];
data/argyll-2.0.1+repack/target/targen.c:1425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/target/targen.c:1439:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c_ilimit,"%5.1f",ilimit * 100.0);
data/argyll-2.0.1+repack/target/targen.c:1466:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f",xpow);
data/argyll-2.0.1+repack/target/targen.c:1471:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f",demph);
data/argyll-2.0.1+repack/target/targen.c:1494:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",esteps);
data/argyll-2.0.1+repack/target/targen.c:1515:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:1580:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:1611:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",k);
data/argyll-2.0.1+repack/target/targen.c:1618:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",ssteps);
data/argyll-2.0.1+repack/target/targen.c:1662:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:1700:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",gsteps);
data/argyll-2.0.1+repack/target/targen.c:1763:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:1800:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",msteps);
data/argyll-2.0.1+repack/target/targen.c:1850:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:1942:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:1994:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",bsteps);
data/argyll-2.0.1+repack/target/targen.c:2046:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:2133:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/target/targen.c:2170:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",j);
data/argyll-2.0.1+repack/target/targen.c:2195:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",fsteps - fxno);
data/argyll-2.0.1+repack/target/targen.c:2201:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",fsteps - fxno);
data/argyll-2.0.1+repack/target/targen.c:2207:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",fsteps - fxno);
data/argyll-2.0.1+repack/target/targen.c:2213:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",fsteps - fxno);
data/argyll-2.0.1+repack/target/targen.c:2221:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",fsteps - fxno);
data/argyll-2.0.1+repack/target/targen.c:2260:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",id++);
data/argyll-2.0.1+repack/tweak/refine.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sid[50]; /* sample id */
data/argyll-2.0.1+repack/tweak/refine.c:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXNAMEL+1]; /* Patch filename */
data/argyll-2.0.1+repack/tweak/refine.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[MAXNAMEL+1]; /* Output device ICC filename for gamut */
data/argyll-2.0.1+repack/tweak/refine.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_name[MAXNAMEL+1]; /* Abstract profile ICC to modify */
data/argyll-2.0.1+repack/tweak/refine.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wr_name[MAXNAMEL+1]; /* Modified/created abstract profile ICC */
data/argyll-2.0.1+repack/tweak/refine.c:344:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clutres = atoi(na);
data/argyll-2.0.1+repack/tweak/refine.c:632:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/tweak/refine.c:638:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(cgf->t[0].kdata[ii]);
data/argyll-2.0.1+repack/tweak/refine.c:655:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/tweak/refine.c:1030:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[50], tmp[50];
data/argyll-2.0.1+repack/tweak/refine.c:1055:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname,"patch%04d.log",i+1);
data/argyll-2.0.1+repack/tweak/refine.c:1056:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((lf = fopen(fname, "a")) == NULL)
data/argyll-2.0.1+repack/tweak/refine.c:1061:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, " OUT %f",cig);
data/argyll-2.0.1+repack/tweak/refine.c:1068:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, " OUT %f",tig);
data/argyll-2.0.1+repack/tweak/refine.c:1079:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, " OUT %f",rig);
data/argyll-2.0.1+repack/ucmm/ucmm.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[17] = "0123456789ABCDEF";
data/argyll-2.0.1+repack/ucmm/ucmm.c:270:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(sprof,"rb")) == NULL)
data/argyll-2.0.1+repack/ucmm/ucmm.c:272:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(sprof,"r")) == NULL)
data/argyll-2.0.1+repack/ucmm/ucmm.c:322:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(data_name,"wb")) == NULL)
data/argyll-2.0.1+repack/ucmm/ucmm.c:324:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(data_name,"w")) == NULL)
data/argyll-2.0.1+repack/ucmm/ucmm.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyn1[100];
data/argyll-2.0.1+repack/ucmm/ucmm.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyn2[100];
data/argyll-2.0.1+repack/ucmm/ucmm.c:432:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ii = atoi(pp)) == 0) {
data/argyll-2.0.1+repack/ucmm/ucmm.c:465:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyn1, "devices/display/%d/ICC_PROFILE", recno);
data/argyll-2.0.1+repack/ucmm/ucmm.c:481:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyn2, "devices/display/%d/ICC_PROFILE", recno);
data/argyll-2.0.1+repack/ucmm/ucmm.c:628:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyn1[100];
data/argyll-2.0.1+repack/ucmm/ucmm.c:688:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ii = atoi(pp)) == 0) {
data/argyll-2.0.1+repack/ucmm/ucmm.c:717:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyn1, "devices/display/%d/ICC_PROFILE", recno);
data/argyll-2.0.1+repack/ucmm/ucmm.c:761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyn1[100];
data/argyll-2.0.1+repack/ucmm/ucmm.c:783:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyn1, "devices/display/%d/", recno);
data/argyll-2.0.1+repack/usb/driver/driver_debug.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/argyll-2.0.1+repack/usb/driver/driver_debug.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/argyll-2.0.1+repack/usb/driver/driver_registry.c:341:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_buffer, (((char *)info) + info->DataOffset),data_length);
data/argyll-2.0.1+repack/usb/driver/libusb_driver.c:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[256];
data/argyll-2.0.1+repack/usb/driver/libusb_driver.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compat_id[256];
data/argyll-2.0.1+repack/usb/driver/libusb_driver.h:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_id[256];
data/argyll-2.0.1+repack/usb/driver/libusb_driver.h:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objname_plugplay_registry_key[512];
data/argyll-2.0.1+repack/xicc/cam02plot.c:527:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res = atoi(na);
data/argyll-2.0.1+repack/xicc/cam02plot.c:559:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tx = atoi(argv[fa]);
data/argyll-2.0.1+repack/xicc/cam02plot.c:560:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ty = atoi(argv[fa+1]);
data/argyll-2.0.1+repack/xicc/ccmx.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/ccmx.c:90:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", p->cc_cbid);
data/argyll-2.0.1+repack/xicc/ccmx.c:165:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "new_cgatsFileMem failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:179:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "cgatsFileMem get_buf failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/xicc/ccmx.c:201:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: Input file isn't a CCMX format file");
data/argyll-2.0.1+repack/xicc/ccmx.c:205:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "Input file doesn't contain exactly one table");
data/argyll-2.0.1+repack/xicc/ccmx.c:209:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: Input file doesn't contain keyword COLOR_REP");
data/argyll-2.0.1+repack/xicc/ccmx.c:214:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: Input file doesn't have COLOR_REP of XYZ");
data/argyll-2.0.1+repack/xicc/ccmx.c:220:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:226:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: Input file doesn't contain keyword INSTRUMENT");
data/argyll-2.0.1+repack/xicc/ccmx.c:230:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:236:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:242:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:249:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: Input file doesn't contain keyword DISPLAY or TECHNOLOGY");
data/argyll-2.0.1+repack/xicc/ccmx.c:261:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->cc_cbid = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/xicc/ccmx.c:268:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:275:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:302:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: Input file doesn't have exactly 3 sets");
data/argyll-2.0.1+repack/xicc/ccmx.c:327:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: new_cgats() failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:360:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "new_cgatsFileMem failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:366:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccmx: new_cgats() failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:414:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:418:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:422:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:431:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccmx: malloc sel failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:436:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:572:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:576:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:580:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:589:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: malloc sel failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:595:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: malloc failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:629:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: powell() failed");
data/argyll-2.0.1+repack/xicc/ccmx.c:690:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "create_ccmx: not implemented in ccmx.c");
data/argyll-2.0.1+repack/xicc/ccmx.h:43:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*set_ccmx)(struct _ccmx *p, char *desc, char *inst, char *disp, disptech dtech,
data/argyll-2.0.1+repack/xicc/ccmx.h:43:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*set_ccmx)(struct _ccmx *p, char *desc, char *inst, char *disp, disptech dtech,
data/argyll-2.0.1+repack/xicc/ccmx.h:43:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*set_ccmx)(struct _ccmx *p, char *desc, char *inst, char *disp, disptech dtech,
data/argyll-2.0.1+repack/xicc/ccmx.h:44:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int refrmode, int cbid, char *sel, char *refd, int oem, double mtx[3][3]);
data/argyll-2.0.1+repack/xicc/ccmx.h:44:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int refrmode, int cbid, char *sel, char *refd, int oem, double mtx[3][3]);
data/argyll-2.0.1+repack/xicc/ccmx.h:47:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*create_ccmx)(struct _ccmx *p, char *desc, char *inst, char *disp, disptech dtech,
data/argyll-2.0.1+repack/xicc/ccmx.h:47:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*create_ccmx)(struct _ccmx *p, char *desc, char *inst, char *disp, disptech dtech,
data/argyll-2.0.1+repack/xicc/ccmx.h:47:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int (*create_ccmx)(struct _ccmx *p, char *desc, char *inst, char *disp, disptech dtech,
data/argyll-2.0.1+repack/xicc/ccmx.h:48:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int refrmode, int cbid, char *sel, char *refd, int oem,
data/argyll-2.0.1+repack/xicc/ccmx.h:48:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int refrmode, int cbid, char *sel, char *refd, int oem,
data/argyll-2.0.1+repack/xicc/ccmx.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[200]; /* Error message */
data/argyll-2.0.1+repack/xicc/ccss.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/ccss.c:101:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "write_ccss: ccss doesn't contain display or techology strings");
data/argyll-2.0.1+repack/xicc/ccss.c:114:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", p->samples[0].spec_n);
data/argyll-2.0.1+repack/xicc/ccss.c:116:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", p->samples[0].spec_wl_short);
data/argyll-2.0.1+repack/xicc/ccss.c:118:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", p->samples[0].spec_wl_long);
data/argyll-2.0.1+repack/xicc/ccss.c:120:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", p->samples[0].norm);
data/argyll-2.0.1+repack/xicc/ccss.c:139:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/xicc/ccss.c:149:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "Malloc failed!");
data/argyll-2.0.1+repack/xicc/ccss.c:158:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",i+1);
data/argyll-2.0.1+repack/xicc/ccss.c:184:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "Need at least three spectral samples");
data/argyll-2.0.1+repack/xicc/ccss.c:216:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "Need at least three spectral samples");
data/argyll-2.0.1+repack/xicc/ccss.c:226:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "new_cgatsFileMem failed");
data/argyll-2.0.1+repack/xicc/ccss.c:240:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "cgatsFileMem get_buf failed");
data/argyll-2.0.1+repack/xicc/ccss.c:262:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: Input file isn't a CCSS format file");
data/argyll-2.0.1+repack/xicc/ccss.c:266:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "Input file doesn't contain exactly one table");
data/argyll-2.0.1+repack/xicc/ccss.c:274:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:280:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:286:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:293:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:299:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:306:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: Input file doesn't contain keyword DISPLAY or TECHNOLOGY");
data/argyll-2.0.1+repack/xicc/ccss.c:318:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:325:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: malloc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:340:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Input file doesn't contain keyword SPECTRAL_BANDS");
data/argyll-2.0.1+repack/xicc/ccss.c:343:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/xicc/ccss.c:345:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Input file doesn't contain keyword SPECTRAL_START_NM");
data/argyll-2.0.1+repack/xicc/ccss.c:350:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Input file doesn't contain keyword SPECTRAL_END_NM");
data/argyll-2.0.1+repack/xicc/ccss.c:363:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/ccss.c:370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/xicc/ccss.c:379:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "Input file doesn't contain at least three spectral samples");
data/argyll-2.0.1+repack/xicc/ccss.c:386:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "Malloc failed!");
data/argyll-2.0.1+repack/xicc/ccss.c:416:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: new_cgats() failed");
data/argyll-2.0.1+repack/xicc/ccss.c:449:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "new_cgatsFileMem failed");
data/argyll-2.0.1+repack/xicc/ccss.c:455:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_ccss: new_cgats() failed");
data/argyll-2.0.1+repack/xicc/ccss.c:499:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccss: malloc orig failed");
data/argyll-2.0.1+repack/xicc/ccss.c:505:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccss: malloc desc failed");
data/argyll-2.0.1+repack/xicc/ccss.c:511:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccss: malloc crdate failed");
data/argyll-2.0.1+repack/xicc/ccss.c:517:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccss: malloc disp failed");
data/argyll-2.0.1+repack/xicc/ccss.c:525:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccss: malloc sel failed");
data/argyll-2.0.1+repack/xicc/ccss.c:531:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "set_ccss: malloc ref failed");
data/argyll-2.0.1+repack/xicc/ccss.c:544:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "Must be at least three spectral samples");
data/argyll-2.0.1+repack/xicc/ccss.c:551:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p->err, "Malloc failed!");
data/argyll-2.0.1+repack/xicc/ccss.h:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[200]; /* Error message */
data/argyll-2.0.1+repack/xicc/ccttest.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100] = { '\000' }; /* Spectrum name */
data/argyll-2.0.1+repack/xicc/ccttest.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/xicc/cgatsplot.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/xicc/cgatsplot.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/xicc/cgatsplot.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *labfname[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/xicc/cgatsplot.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/argyll-2.0.1+repack/xicc/extracticc.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[JMSG_LENGTH_MAX];
data/argyll-2.0.1+repack/xicc/extracticc.c:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1]; /* TIFF input name */
data/argyll-2.0.1+repack/xicc/extracticc.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1]; /* ICC output name */
data/argyll-2.0.1+repack/xicc/extracticc.c:182:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(in_name,"rb")) == NULL)
data/argyll-2.0.1+repack/xicc/extracticc.c:184:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(in_name,"r")) == NULL)
data/argyll-2.0.1+repack/xicc/extractttag.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1]; /* TIFF input name */
data/argyll-2.0.1+repack/xicc/extractttag.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1]; /* ICC output name */
data/argyll-2.0.1+repack/xicc/extractttag.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_name[MXTGNMS] = { 't','a','r','g' };
data/argyll-2.0.1+repack/xicc/fakeCMY.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/xicc/fakeCMY.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100];
data/argyll-2.0.1+repack/xicc/fakeCMY.c:170:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/fakeCMY.c:176:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/fakeCMY.c:183:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tres = atoi(na);
data/argyll-2.0.1+repack/xicc/fakeCMY.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/argyll-2.0.1+repack/xicc/fakeCMY.c:448:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.0f",tlimit);
data/argyll-2.0.1+repack/xicc/fakeCMY.c:453:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.0f",klimit);
data/argyll-2.0.1+repack/xicc/fakeCMY.c:472:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i+1);
data/argyll-2.0.1+repack/xicc/fbview.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/xicc/fbview.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, out_name[100];
data/argyll-2.0.1+repack/xicc/iccgamut.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/xicc/iccgamut.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, out_name[MAXNAMEL+4+1];
data/argyll-2.0.1+repack/xicc/iccgamut.c:280:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na);
data/argyll-2.0.1+repack/xicc/iccgamut.c:286:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na);
data/argyll-2.0.1+repack/xicc/iccgamut.c:317:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vc_e = atoi(na);
data/argyll-2.0.1+repack/xicc/iccgamut.c:527:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/xicc/iccjpeg.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker_present[MAX_SEQ_NO+1]; /* 1 if marker found */
data/argyll-2.0.1+repack/xicc/icheck.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/xicc/icheck.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[100], *xl;
data/argyll-2.0.1+repack/xicc/mpp.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/mpp.c:225:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%5.1f",p->limit * 100.0);
data/argyll-2.0.1+repack/xicc/mpp.c:232:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",p->cord);
data/argyll-2.0.1+repack/xicc/mpp.c:260:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", p->spec_n);
data/argyll-2.0.1+repack/xicc/mpp.c:262:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", p->spec_wl_short);
data/argyll-2.0.1+repack/xicc/mpp.c:264:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", p->spec_wl_long);
data/argyll-2.0.1+repack/xicc/mpp.c:266:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", p->norm * 100.0);
data/argyll-2.0.1+repack/xicc/mpp.c:277:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/xicc/mpp.c:284:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"write_mpp: malloc of setel failed");
data/argyll-2.0.1+repack/xicc/mpp.c:292:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"t_%d_%d",i,j);
data/argyll-2.0.1+repack/xicc/mpp.c:308:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"s_%d_%d",m, k);
data/argyll-2.0.1+repack/xicc/mpp.c:321:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"c_%d",i);
data/argyll-2.0.1+repack/xicc/mpp.c:365:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "read_mpp: new_cgats() failed");
data/argyll-2.0.1+repack/xicc/mpp.c:457:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->cord = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/xicc/mpp.c:476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xyzfname[3] = { "XYZ_X", "XYZ_Y", "XYZ_Z" };
data/argyll-2.0.1+repack/xicc/mpp.c:477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *labfname[3] = { "LAB_L", "LAB_A", "LAB_B" };
data/argyll-2.0.1+repack/xicc/mpp.c:478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/mpp.c:486:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->spec_n = atoi(icg->t[0].kdata[ti]);
data/argyll-2.0.1+repack/xicc/mpp.c:562:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/xicc/mpp.c:583:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"t_%d_%d",i,j);
data/argyll-2.0.1+repack/xicc/mpp.c:604:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"s_%d_%d",m, k);
data/argyll-2.0.1+repack/xicc/mpp.c:622:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"c_%d",i);
data/argyll-2.0.1+repack/xicc/mpp.c:711:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"No Spectral Data in MPP");
data/argyll-2.0.1+repack/xicc/mpp.c:3685:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"MPP Can't handle %d colorants",p->n);
data/argyll-2.0.1+repack/xicc/mpp.c:3692:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"MPP Can't handle %d spectral bands",spec_n);
data/argyll-2.0.1+repack/xicc/mpp.c:4405:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((df = fopen("debug.txt","w")) == NULL)
data/argyll-2.0.1+repack/xicc/mpp.c:4408:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((df = fopen("debug.txt","a")) == NULL)
data/argyll-2.0.1+repack/xicc/mpp.h:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[200]; /* Error message */
data/argyll-2.0.1+repack/xicc/mpplu.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[100];
data/argyll-2.0.1+repack/xicc/mpplu.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/xicc/mpplu.c:306:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test = atoi(na);
data/argyll-2.0.1+repack/xicc/mpplu.c:436:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, gam_name[100];
data/argyll-2.0.1+repack/xicc/mpplu.c:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, gam_name[100];
data/argyll-2.0.1+repack/xicc/mpplu.c:459:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/xicc/revfix.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/xicc/revfix.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/xicc/revfix.c:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_name[MAXNAMEL+1] = "\000"; /* Abstract profile name */
data/argyll-2.0.1+repack/xicc/revfix.c:339:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clutres = atoi(na);
data/argyll-2.0.1+repack/xicc/revfix.c:401:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/revfix.c:406:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/specplot.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAXGRAPHS][200],
data/argyll-2.0.1+repack/xicc/specplot.c:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXGRAPHS][200];
data/argyll-2.0.1+repack/xicc/spectest.c:605:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((df = fopen("spectest.dat", "w")) == NULL)
data/argyll-2.0.1+repack/xicc/tiffgamut.c:262:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/xicc/tiffgamut.c:289:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown Photometric Tag %d",pmtc);
data/argyll-2.0.1+repack/xicc/tiffgamut.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[JMSG_LENGTH_MAX];
data/argyll-2.0.1+repack/xicc/tiffgamut.c:312:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/xicc/tiffgamut.c:327:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown JPEG colorspace %d",cspace);
data/argyll-2.0.1+repack/xicc/tiffgamut.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[MAXNAMEL+1] = { '\000' }; /* ICC profile name, "" if none */
data/argyll-2.0.1+repack/xicc/tiffgamut.c:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1]; /* TIFF input file */
data/argyll-2.0.1+repack/xicc/tiffgamut.c:645:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(xl,".gam");
data/argyll-2.0.1+repack/xicc/tiffgamut.c:961:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(in_name,"rb")) == NULL)
data/argyll-2.0.1+repack/xicc/tiffgamut.c:963:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(in_name,"r")) == NULL)
data/argyll-2.0.1+repack/xicc/tiffgamut.c:1090:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int v = ((unsigned char *)inbuf)[x * samplesperpixel + i];
data/argyll-2.0.1+repack/xicc/tiffgmts.c:238:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/argyll-2.0.1+repack/xicc/tiffgmts.c:265:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Unknown Photometric Tag %d",pmtc);
data/argyll-2.0.1+repack/xicc/tiffgmts.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[MAXNAMEL+1] = { '\000' }; /* ICC profile name, "" if none */
data/argyll-2.0.1+repack/xicc/tiffgmts.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[MAXNAMEL+1]; /* TIFF input file */
data/argyll-2.0.1+repack/xicc/tiffgmts.c:719:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int v = ((unsigned char *)inbuf)[x * samplesperpixel + e];
data/argyll-2.0.1+repack/xicc/tiffgmts.c:990:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/tiffgmts.c:993:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",i+1);
data/argyll-2.0.1+repack/xicc/transplot.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/xicc/xcal.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/xcal.c:182:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"new_rspl() failed");
data/argyll-2.0.1+repack/xicc/xcal.c:187:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"malloc dpoints[%d] failed",gres[0]);
data/argyll-2.0.1+repack/xicc/xcal.c:225:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "ICC profile has no vcgt");
data/argyll-2.0.1+repack/xicc/xcal.c:234:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "Unable to determine inkmask from ICC profile");
data/argyll-2.0.1+repack/xicc/xcal.c:271:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"new_rspl() failed");
data/argyll-2.0.1+repack/xicc/xcal.c:276:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"malloc dpoints[%d] failed",gres[0]);
data/argyll-2.0.1+repack/xicc/xcal.c:310:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "new_cgats() failed");
data/argyll-2.0.1+repack/xicc/xcal.c:343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/xcal.c:365:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Unknown device class 0x%x",p->devclass);
data/argyll-2.0.1+repack/xicc/xcal.c:404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Malloc failed");
data/argyll-2.0.1+repack/xicc/xcal.c:439:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err, "new_cgats() failed");
data/argyll-2.0.1+repack/xicc/xcal.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[CGATS_ERRM_LENGTH]; /* Error message */
data/argyll-2.0.1+repack/xicc/xcolorantslu.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/xicc/xfbview.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_name[100];
data/argyll-2.0.1+repack/xicc/xfbview.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *xl, out_name[100];
data/argyll-2.0.1+repack/xicc/xfbview.c:165:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/xfbview.c:170:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/xfbview.c:177:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tres = atoi(na);
data/argyll-2.0.1+repack/xicc/xicc.c:1091:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Can only create Device->PCS profiles from scattered data.");
data/argyll-2.0.1+repack/xicc/xicc.c:1110:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Setting Monochrome Fwd profile from scattered data not supported.");
data/argyll-2.0.1+repack/xicc/xicc.c:1663:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Enum VC: Failed to read Media White point");
data/argyll-2.0.1+repack/xicc/xicc.c:1927:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Enum VC: Unrecognised enumeration %d",no);
data/argyll-2.0.1+repack/xicc/xicc.h:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[512]; /* Error message */
data/argyll-2.0.1+repack/xicc/xicclu.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prof_name[MAXNAMEL+1];
data/argyll-2.0.1+repack/xicc/xicclu.c:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/argyll-2.0.1+repack/xicc/xicclu.c:615:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/xicclu.c:621:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
klimit = atoi(na)/100.0;
data/argyll-2.0.1+repack/xicc/xicclu.c:638:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vc_e = atoi(na);
data/argyll-2.0.1+repack/xicc/xlut.c:2018:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"xicc can only handle input channels of %d or less",MXDI);
data/argyll-2.0.1+repack/xicc/xlut.c:2025:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"xicc can only handle output channels of %d or less",MXDO);
data/argyll-2.0.1+repack/xicc/xlut.c:2411:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of input table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:2434:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of reverse input table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:2467:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of clut table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:2505:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of output table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:2593:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of clut table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:3309:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"set_icxLuLut: can't handle test points without a white patch");
data/argyll-2.0.1+repack/xicc/xlut.c:3360:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of xfit object failed");
data/argyll-2.0.1+repack/xicc/xlut.c:3466:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"xfit fitting failed");
data/argyll-2.0.1+repack/xicc/xlut.c:3484:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of input table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:3508:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of output table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:3537:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Creation of reverse input table rspl failed");
data/argyll-2.0.1+repack/xicc/xlut.c:3803:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_luminance: couldn't find luminance tag");
data/argyll-2.0.1+repack/xicc/xlut.c:3809:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"luminance: tag has wrong type");
data/argyll-2.0.1+repack/xicc/xlut.c:3830:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: couldn't find white tag");
data/argyll-2.0.1+repack/xicc/xlut.c:3837:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: white tag has wrong type");
data/argyll-2.0.1+repack/xicc/xlut.c:3854:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: couldn't find black tag");
data/argyll-2.0.1+repack/xicc/xlut.c:3861:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: black tag has wrong type");
data/argyll-2.0.1+repack/xicc/xlut.c:4104:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating Gamut surface for anything other than Device <-> PCS is not supported.");
data/argyll-2.0.1+repack/xicc/xlut.c:4110:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating Gamut surface PCS of other than Lab or Jab is not supported.");
data/argyll-2.0.1+repack/xicc/xlut.c:4613:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating CuspMap for anything other than Device -> PCS is not supported.");
data/argyll-2.0.1+repack/xicc/xlut.c:4619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating CuspMap PCS of other than Lab or Jab is not supported.");
data/argyll-2.0.1+repack/xicc/xlut.c:4628:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Malloc of icxCuspMap failed");
data/argyll-2.0.1+repack/xicc/xlut.c:4635:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Malloc of icxCuspMap failed");
data/argyll-2.0.1+repack/xicc/xlut.c:4643:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Malloc of icxCuspMap failed");
data/argyll-2.0.1+repack/xicc/xlutfix.c:450:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->icp->err,"icxLut_set_tables: malloc() failed");
data/argyll-2.0.1+repack/xicc/xlutfix.c:478:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->icp->err,"icxLut_set_tables: malloc() failed");
data/argyll-2.0.1+repack/xicc/xlutfix.c:487:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((xcs.tf = fopen(tname,"w")) == NULL) {
data/argyll-2.0.1+repack/xicc/xlutfix.c:489:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((xcs.tf = fopen(tname,"r")) == NULL) {
data/argyll-2.0.1+repack/xicc/xmatrix.c:769:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(err,"Allocation of scattered coordinate array failed");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1281:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_matrix: TRC sharing is inconsistent");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1288:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_matrix: TRC type is inconsistent");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1303:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_matrix: malloc failed");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1317:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->pp->err,"Can't create matrix profile with PCS of Lab !");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1494:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"set_icxLuMatrix: can't handle test points without a white patch");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1536:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"set_icxLuMatrix: malloc failed");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1795:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_luminance: couldn't find luminance tag");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1801:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"luminance: tag has wrong type");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1823:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: couldn't find white tag");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1829:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: white tag has wrong type");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1849:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: couldn't find black tag");
data/argyll-2.0.1+repack/xicc/xmatrix.c:1855:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(xicp->err,"icx_set_white_black: black tag has wrong type");
data/argyll-2.0.1+repack/xicc/xmatrix.c:2001:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating Gamut surface for anything other than Device <-> PCS is not supported.");
data/argyll-2.0.1+repack/xicc/xmatrix.c:2007:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating Gamut surface PCS of other than Lab or Jab is not supported.");
data/argyll-2.0.1+repack/xicc/xmono.c:320:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->err,"Creating Mono gamut surface not supported yet.");
data/argyll-2.0.1+repack/xicc/xspect.c:759:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[50];
data/argyll-2.0.1+repack/xicc/xspect.c:793:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "OD%d",(int)(temp+0.5));
data/argyll-2.0.1+repack/xicc/xspect.c:796:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "D%d",(int)(temp+0.5));
data/argyll-2.0.1+repack/xicc/xspect.c:799:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "OP%d",(int)(temp+0.5));
data/argyll-2.0.1+repack/xicc/xspect.c:802:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "P%d",(int)(temp+0.5));
data/argyll-2.0.1+repack/xicc/xspect.c:3609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/xspect.c:3655:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", sp->spec_n);
data/argyll-2.0.1+repack/xicc/xspect.c:3658:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", sp->spec_n);
data/argyll-2.0.1+repack/xicc/xspect.c:3660:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", sp->spec_wl_short);
data/argyll-2.0.1+repack/xicc/xspect.c:3662:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", sp->spec_wl_long);
data/argyll-2.0.1+repack/xicc/xspect.c:3664:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%f", sp->norm);
data/argyll-2.0.1+repack/xicc/xspect.c:3675:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/xicc/xspect.c:3737:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/argyll-2.0.1+repack/xicc/xspect.c:3797:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
proto.spec_n = atoi(icg->t[0].kdata[ii]);
data/argyll-2.0.1+repack/xicc/xspect.c:3824:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"SPEC_%03d",nm);
data/argyll-2.0.1+repack/xicc/xspect.c:3933:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int write_cmf(char *fname, xspect sp[3]) {
data/argyll-2.0.1+repack/xicc/xspect.h:138:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int write_cmf(char *fname, xspect cmf[3]);
data/argyll-2.0.1+repack/xicc/xutils.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[JMSG_LENGTH_MAX];
data/argyll-2.0.1+repack/xicc/xutils.c:204:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(file_name,"rb")) == NULL)
data/argyll-2.0.1+repack/xicc/xutils.c:206:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rf = fopen(file_name,"r")) == NULL)
data/argyll-2.0.1+repack/xml/mxml-config.h:64:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/argyll-2.0.1+repack/xml/mxml-file.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192]; /* Temporary buffer */
data/argyll-2.0.1+repack/xml/mxml-file.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptr[2]; /* Pointers for putc_cb */
data/argyll-2.0.1+repack/xml/mxml-file.c:1360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entity[64], /* Entity string */
data/argyll-2.0.1+repack/xml/mxml-file.c:2743:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[255]; /* Temporary string */
data/argyll-2.0.1+repack/xml/mxml-file.c:2910:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", node->value.integer);
data/argyll-2.0.1+repack/xml/mxml-file.c:2940:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%f", node->value.real);
data/argyll-2.0.1+repack/xml/mxml-node.c:698:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char element[1024]; /* Element text */
data/argyll-2.0.1+repack/xml/mxml-private.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024]; /* Message string */
data/argyll-2.0.1+repack/xml/mxml-search.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char element[256]; /* Current element name */
data/argyll-2.0.1+repack/xml/mxml-search.c:175:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(element, path, pathsep - path);
data/argyll-2.0.1+repack/xml/mxml-search.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char element[256]; /* Current element name */
data/argyll-2.0.1+repack/xml/mxml-search.c:255:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(element, path, pathsep - path);
data/argyll-2.0.1+repack/xml/mxml-string.c:41:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define va_copy(dst,src) memcpy(&dst, &src, sizeof(va_list))
data/argyll-2.0.1+repack/xml/mxml-string.c:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tformat[100], /* Temporary format string for sprintf() */
data/argyll-2.0.1+repack/xml/mxml-string.c:361:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufptr, va_arg(ap, char *), (size_t)width);
data/argyll-2.0.1+repack/xml/mxmldoc.c:479:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[i], "r")) != NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:529:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(argv[i], "r")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:553:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(xmlfile, "w")) != NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:636:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16384], /* String buffer */
data/argyll-2.0.1+repack/xml/mxmldoc.c:813:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[10240], /* Description text */
data/argyll-2.0.1+repack/xml/mxmldoc.c:816:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char info[1024]; /* Info string */
data/argyll-2.0.1+repack/xml/mxmldoc.c:874:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, current->value.text.string, len);
data/argyll-2.0.1+repack/xml/mxmldoc.c:883:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, current->value.opaque, len);
data/argyll-2.0.1+repack/xml/mxmldoc.c:949:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024]; /* Current filename */
data/argyll-2.0.1+repack/xml/mxmldoc.c:1042:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[65536], /* String buffer */
data/argyll-2.0.1+repack/xml/mxmldoc.c:2771:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[10240], /* Text for description */
data/argyll-2.0.1+repack/xml/mxmldoc.c:2989:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192]; /* Line from file */
data/argyll-2.0.1+repack/xml/mxmldoc.c:2992:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file, "r")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024]; /* Current output filename */
data/argyll-2.0.1+repack/xml/mxmldoc.c:3184:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3230:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3260:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3327:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3382:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3414:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3437:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((out = fopen(filename, "w")) == NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:3781:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *args[4]; /* Argument array */
data/argyll-2.0.1+repack/xml/mxmldoc.c:4038:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024]; /* String buffer */
data/argyll-2.0.1+repack/xml/mxmldoc.c:4821:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (introfile && (fp = fopen(introfile, "r")) != NULL)
data/argyll-2.0.1+repack/xml/mxmldoc.c:4823:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192], /* Line from file */
data/argyll-2.0.1+repack/xml/testmxml.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16384]; /* Save string */
data/argyll-2.0.1+repack/xml/testmxml.c:462:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fp = fopen(argv[1], "rb")) == NULL)
data/argyll-2.0.1+repack/xml/testmxml.c:536:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(argv[1], O_RDONLY | O_BINARY)) < 0)
data/argyll-2.0.1+repack/xml/testmxml.c:556:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(buffer, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0666)) < 0)
data/argyll-2.0.1+repack/xml/testmxml.c:586:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if ((fp = fopen(argv[1], "rb")) == NULL)
data/argyll-2.0.1+repack/yajl/json_verify.c:42:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char fileData[65536];
data/argyll-2.0.1+repack/yajl/yajl.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &(hand->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
data/argyll-2.0.1+repack/yajl/yajl_buf.c:76:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data + buf->used, data, len);
data/argyll-2.0.1+repack/yajl/yajl_encode.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexBuf[7];
data/argyll-2.0.1+repack/yajl/yajl_encode.c:124:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8Buf[5];
data/argyll-2.0.1+repack/yajl/yajl_gen.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &(g->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
data/argyll-2.0.1+repack/yajl/yajl_gen.c:253:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pendingComment + g->pendingLen + 0, str, len);
data/argyll-2.0.1+repack/yajl/yajl_gen.c:258:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->pendingComment, str, len);
data/argyll-2.0.1+repack/yajl/yajl_gen.c:267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i[32];
data/argyll-2.0.1+repack/yajl/yajl_gen.c:269:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(i, "%" PF64PREC "d", number);
data/argyll-2.0.1+repack/yajl/yajl_gen.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i[32];
data/argyll-2.0.1+repack/yajl/yajl_gen.c:289:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(i, "%.20g", number);
data/argyll-2.0.1+repack/yajl/yajl_gen.c:291:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(i, ".0");
data/argyll-2.0.1+repack/yajl/yajl_lex.c:140:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char charLookupTable[256] =
data/argyll-2.0.1+repack/yajl/yajl_parser.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[72];
data/argyll-2.0.1+repack/yajl/yajl_parser.c:97:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat((char *) str, " error");
data/argyll-2.0.1+repack/yajl/yajl_parser.c:99:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat((char *) str, ": ");
data/argyll-2.0.1+repack/yajl/yajl_test.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, stringVal, stringLen);
data/argyll-2.0.1+repack/yajl/yajl_test.c:214:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bufSize = atoi(argv[i]);
data/argyll-2.0.1+repack/yajl/yajl_test.c:243:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fileName, "r");
data/argyll-2.0.1+repack/yajl/yajl_tree.c:290:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.string, string, string_length);
data/argyll-2.0.1+repack/yajl/yajl_tree.c:311:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.number.r, string, string_length);
data/argyll-2.0.1+repack/ccast/axTLS/bigint.c:654:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = strlen(data);
data/argyll-2.0.1+repack/ccast/axTLS/crypto_misc.c:163:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(rng_fd, rand_data, num_rand_bytes); /* read from /dev/urandom */
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:126:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int name_size = strlen(name);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:162:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dn[X509_COMMON_NAME] == NULL || strlen(dn[X509_COMMON_NAME]) == 0)
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:166:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fqdn_len = strlen(fqdn);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:169:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fqdn_len = strlen(fqdn);
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:180:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dn[X509_ORGANIZATION] != NULL && strlen(dn[X509_ORGANIZATION]) > 0)
data/argyll-2.0.1+repack/ccast/axTLS/gen_cert.c:187:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(dn[X509_ORGANIZATIONAL_UNIT]) > 0)
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:223:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (password == NULL || strlen(password) == 0)
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:233:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start += strlen(aes_str[0]);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:238:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start += strlen(aes_str[1]);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:267:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:275:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5_Update(&md5_ctx, (const uint8_t *)password, strlen(password));
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:310:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start += strlen(begins[i]);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:366:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end += strlen(ends[i]);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:367:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remain -= strlen(ends[i]);
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:427:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(CONFIG_SSL_PRIVATE_KEY_LOCATION) > 0)
data/argyll-2.0.1+repack/ccast/axTLS/loader.c:456:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(CONFIG_SSL_X509_CERT_LOCATION))
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:93:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(A,B,C) _read(A,B,C)
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:96:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(A) Sleep(A/1000)
data/argyll-2.0.1+repack/ccast/axTLS/os_port.h:140:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define SOCKET_READ(A,B,C) read(A,B,C)
data/argyll-2.0.1+repack/ccast/axTLS/p12.c:168:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uni_pass = (char *)malloc((strlen(password)+1)*2);
data/argyll-2.0.1+repack/ccast/axTLS/p12.c:171:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int)strlen(password); i++)
data/argyll-2.0.1+repack/ccast/axTLS/tls1.c:912:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q += strlen(label);
data/argyll-2.0.1+repack/ccast/ccmdns.c:201:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/argyll-2.0.1+repack/ccast/ccmes.c:118:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1logd(g_log,0," %d bytes of text data:\n",strlen((char *)mes->data));
data/argyll-2.0.1+repack/ccast/ccmes.c:122:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen((char *)mes->data);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:450:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = str ? strlen(str) : 0;
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:566:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(((char **) array)[i]);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:886:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/argyll-2.0.1+repack/ccast/chan/protobuf-c.c:1421:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sublen = str ? strlen(str) : 0;
data/argyll-2.0.1+repack/cgats/cgats.c:415:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tp) > CGATS_ERRM_LENGTH/2) {
data/argyll-2.0.1+repack/cgats/cgats.c:453:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(tp)+1) * sizeof(char))) == NULL) {
data/argyll-2.0.1+repack/cgats/cgats.c:799:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((p->cgats_type = (char *)al->malloc(al, (strlen(osym)+1) * sizeof(char))) == NULL)
data/argyll-2.0.1+repack/cgats/cgats.c:818:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)al->malloc(al, (strlen(osym)+1) * sizeof(char))) == NULL)
data/argyll-2.0.1+repack/cgats/cgats.c:1554:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fmt," ");
data/argyll-2.0.1+repack/cgats/cgats.c:1627:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((p = (char *)al->malloc(al, (strlen(((char *)dpoint))+1) * sizeof(char))) == NULL)
data/argyll-2.0.1+repack/cgats/cgats.c:1856:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(cs);
data/argyll-2.0.1+repack/cgats/cgats.c:2190:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (pp->read(pp, fp))
data/argyll-2.0.1+repack/cgats/cgats.h:110:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _cgats *p, cgatsFile *fp); /* Read a cgats file into structure */
data/argyll-2.0.1+repack/cgats/cgatsstd.c:93:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rv = p->read(p, fp);
data/argyll-2.0.1+repack/cgats/pars.c:301:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)p->cur); /* Length excluding nul */
data/argyll-2.0.1+repack/cgats/pars.h:100:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t (*read) (struct _cgatsFile *p, void *buffer, size_t size, size_t count); \
data/argyll-2.0.1+repack/cgats/parsstd.c:237:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc(p->fp);
data/argyll-2.0.1+repack/cgats/parsstd.c:398:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/cgats/parsstd.c:410:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp->filename = pp->al->malloc(pp->al, strlen(name) + 1);
data/argyll-2.0.1+repack/gamut/GenRMGam.c:752:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[1],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/gamut/fakegam.c:214:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/gamut/gamut.c:2620:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/gamut/gamut.c:3859:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/gamut/gamut.c:5065:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/gamut/gamut.c:6221:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/gamut/maptest.c:106:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(img_name,na,MAXNAMEL); img_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/gamut/maptest.c:130:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = in_name + strlen(in_name);
data/argyll-2.0.1+repack/gamut/maptest.c:145:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = img_name + strlen(img_name);
data/argyll-2.0.1+repack/gamut/maptest.c:161:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/gamut/maptest.c:234:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = diag_name + strlen(diag_name);
data/argyll-2.0.1+repack/gamut/nearsmth.c:2342:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/gamut/nearsmth.c:2374:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/gamut/smthtest.c:185:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = in_name + strlen(in_name);
data/argyll-2.0.1+repack/gamut/smthtest.c:198:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/gamut/smthtest.c:225:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = diag_name + strlen(diag_name);
data/argyll-2.0.1+repack/gamut/viewgam.c:293:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iout_name, na, MAXNAMEL); iout_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/gamut/viewgam.c:301:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gds[ng].in_name,argv[fa],MAXNAMEL); gds[ng].in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/gamut/viewgam.c:318:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name, gds[--ng].in_name,MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/icc/icc.c:409:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)p->cur); /* Length excluding nul */
data/argyll-2.0.1+repack/icc/icc.c:1294:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1300:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1319:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1325:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1331:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1337:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1356:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1362:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1381:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = cp + strlen(cp);
data/argyll-2.0.1+repack/icc/icc.c:1986:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:2222:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:2417:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:2612:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:2807:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:3002:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:3196:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:3432:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:3868:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:4144:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:4443:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:4796:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:6497:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:7057:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:7251:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->root) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7316:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d += strlen(p->root) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7382:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sat_add(len, strlen(p->prefix) + 1); /* prefix of color names */
data/argyll-2.0.1+repack/icc/icc.c:7383:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sat_add(len, strlen(p->suffix) + 1); /* suffix of color names */
data/argyll-2.0.1+repack/icc/icc.c:7385:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sat_add(len, strlen(p->data[i].root) + 1); /* color names */
data/argyll-2.0.1+repack/icc/icc.c:7428:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:7487:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->prefix) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7502:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->suffix) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7515:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->data[i].root) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7617:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->prefix) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7626:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->suffix) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7635:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->data[i].root) + 1;
data/argyll-2.0.1+repack/icc/icc.c:7918:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:8205:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:8281:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->size = strlen(bp); /* Repair string */
data/argyll-2.0.1+repack/icc/icc.c:8443:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(p->desc) + 1;
data/argyll-2.0.1+repack/icc/icc.c:8946:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:9156:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:9338:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:9557:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:9627:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->size = strlen(bp) + 1;
data/argyll-2.0.1+repack/icc/icc.c:9960:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:10398:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:10592:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, bp, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:10936:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| icp->fp->read(icp->fp, buf, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:11617:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (p->header->read(p->header, 128, of)) {
data/argyll-2.0.1+repack/icc/icc.c:11623:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| p->fp->read(p->fp, tcbuf, 1, 4) != 4) {
data/argyll-2.0.1+repack/icc/icc.c:11660:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| p->fp->read(p->fp, buf, 1, len) != len) {
data/argyll-2.0.1+repack/icc/icc.c:11695:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| p->fp->read(p->fp, tcbuf, 1, 4) != 4) {
data/argyll-2.0.1+repack/icc/icc.c:11838:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| p->fp->read(p->fp, buf, 1, 128) != 128) {
data/argyll-2.0.1+repack/icc/icc.c:11858:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (p->fp->read(p->fp, buf, 1, rsize) != rsize) {
data/argyll-2.0.1+repack/icc/icc.c:12735:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((nob->read(nob, p->data[i].size, p->of + p->data[i].offset)) != 0) {
data/argyll-2.0.1+repack/icc/icc.c:19828:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%d", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.c:19851:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%.8f", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.c:19874:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%.8f", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.c:19897:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%f", lab[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/icc/icc.h:252:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t (*read) (struct _icmFile *p, void *buffer, size_t size, size_t count); \
data/argyll-2.0.1+repack/icc/icc.h:440:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _icmBase *p, unsigned int len, unsigned int of); \
data/argyll-2.0.1+repack/icc/icc.h:1137:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _icmHeader *p, unsigned int len, unsigned int of);
data/argyll-2.0.1+repack/icc/icc.h:1484:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _icc *p, icmFile *fp, unsigned int of); /* Returns error code */
data/argyll-2.0.1+repack/icc/iccdump.c:95:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_names[ntag_names],na,4);
data/argyll-2.0.1+repack/icc/iccdump.c:140:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fp->read(fp, &c, 1, 1) != 1) {
data/argyll-2.0.1+repack/icc/iccdump.c:182:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,fp,offset)) != 0)
data/argyll-2.0.1+repack/icc/icclu.c:245:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,fp,0)) != 0)
data/argyll-2.0.1+repack/icc/iccrw.c:100:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/iccstd.c:373:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/icc/icctest.c:185:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,offset)) != 0)
data/argyll-2.0.1+repack/icc/icctest.c:247:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m->add(m, (unsigned char *)tc[i].s, strlen(tc[i].s));
data/argyll-2.0.1+repack/icc/icctest.c:387:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->ppsize = strlen(str1)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:389:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->crdsize[i] = strlen(str2[i])+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:550:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(ts1)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1198:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->data[i].device.size = strlen(ts1)+1;
data/argyll-2.0.1+repack/icc/icctest.c:1209:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->data[i].device.scSize = strlen(ts3a)+1; /* Used size of scDesc in bytes, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1216:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->data[i].model.size = strlen(ts1)+1;
data/argyll-2.0.1+repack/icc/icctest.c:1227:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->data[i].model.scSize = strlen(ts3b)+1; /* Used size of scDesc in bytes, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1416:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(ts1)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1428:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->scSize = strlen(ts3)+1; /* Used size of scDesc in bytes, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1471:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(ts1)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1555:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(ts1)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/icctest.c:1608:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(ts1)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:909:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:921:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:988:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/lutest.c:1203:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:1215:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:1282:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/lutest.c:1602:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:1614:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:1713:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/lutest.c:1931:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:1943:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:2218:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/lutest.c:2503:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:2515:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:2731:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/lutest.c:3013:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:3025:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/icc/lutest.c:3241:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/mcheck.c:136:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/icc/mcheck.c:147:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/icc/mkDispProf.c:141:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/icc/mkDispProf.c:143:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->scSize = strlen(dst)+1;
data/argyll-2.0.1+repack/icc/mkDispProf.c:158:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/imdi/cctiff.c:1147:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst_pname,na, MAXNAMEL); dst_pname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/imdi/cctiff.c:1242:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(su.profs[su.nprofs].name,argv[fa],MAXNAMEL);
data/argyll-2.0.1+repack/imdi/cctiff.c:1262:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,su.profs[--su.nprofs].name, MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/imdi/cctiff.c:1263:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,su.profs[--su.nprofs].name, MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/imdi/cctiff.c:1523:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((su.profs[i].cal->read(su.profs[i].cal, su.profs[i].name)) == 0) {
data/argyll-2.0.1+repack/imdi/cctiff.c:1676:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((wdesc = malloc(sizeof(char) * (strlen(rdesc) + strlen(ddesc) + 2))) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:1676:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((wdesc = malloc(sizeof(char) * (strlen(rdesc) + strlen(ddesc) + 2))) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:1681:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(wdesc, " ");
data/argyll-2.0.1+repack/imdi/cctiff.c:1750:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inlen += strlen(ct->data[i].name) + 1;
data/argyll-2.0.1+repack/imdi/cctiff.c:1756:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(ct->data[i].name) + 1;
data/argyll-2.0.1+repack/imdi/cctiff.c:2094:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((wdesc = malloc(sizeof(char) * (strlen(rdesc) + strlen(ddesc) + 2))) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:2094:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((wdesc = malloc(sizeof(char) * (strlen(rdesc) + strlen(ddesc) + 2))) == NULL)
data/argyll-2.0.1+repack/imdi/cctiff.c:2099:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(wdesc, " ");
data/argyll-2.0.1+repack/imdi/cctiff.c:2102:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jpeg_write_marker(&wj, JPEG_COM, (const JOCTET *)wdesc, strlen(wdesc)+1);
data/argyll-2.0.1+repack/imdi/cctiff.c:2106:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jpeg_write_marker(&wj, JPEG_COM, (const JOCTET *)wdesc, strlen(wdesc)+1);
data/argyll-2.0.1+repack/imdi/cctiff.c:2158:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fp->read(fp, buf, 1, size) != size)
data/argyll-2.0.1+repack/imdi/cctiffo.c:607:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = su.in.c->read(su.in.c,su.in.fp,0)) != 0)
data/argyll-2.0.1+repack/imdi/cctiffo.c:641:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = su.out.c->read(su.out.c,su.out.fp,0)) != 0)
data/argyll-2.0.1+repack/imdi/cctiffo.c:712:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = su.dev.c->read(su.dev.c, su.dev.fp, 0)) != 0)
data/argyll-2.0.1+repack/imdi/greytiff.c:292:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,p_fp,0)) != 0)
data/argyll-2.0.1+repack/imdi/imdi_make.c:192:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dirname,na,MAXNAMEL); dirname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/imdi/imdi_make.c:193:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dirname);
data/argyll-2.0.1+repack/imdi/imdi_make.c:196:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dirname, "/");
data/argyll-2.0.1+repack/jcnf/jcnf.c:75:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(p->recds[i].key) + 1;
data/argyll-2.0.1+repack/jcnf/jcnf.c:88:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(num);
data/argyll-2.0.1+repack/jcnf/jcnf.c:91:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(p->recds[i].key);
data/argyll-2.0.1+repack/jcnf/jcnf.c:277:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(key);
data/argyll-2.0.1+repack/jcnf/jcnf.c:861:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tname = malloc(strlen(p->fname) + 8)) == NULL)
data/argyll-2.0.1+repack/jcnf/jcnf.c:882:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tname = malloc(strlen(p->fname) + 8)) == NULL)
data/argyll-2.0.1+repack/jcnf/jcnf.c:998:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_gen_cpp_comment(g, p->keys[i]->cpp_comment, strlen(p->keys[i]->cpp_comment));
data/argyll-2.0.1+repack/jcnf/jcnf.c:1001:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_gen_c_comment(g, p->keys[i]->c_comment, strlen(p->keys[i]->c_comment), 1);
data/argyll-2.0.1+repack/jcnf/jcnf.c:1006:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_gen_string(g, "test", strlen("test"));
data/argyll-2.0.1+repack/jcnf/jcnf.c:1007:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_gen_string(g, "test value", strlen("test value"));
data/argyll-2.0.1+repack/jcnf/jcnf.c:1008:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_gen_c_comment(g, " A comment ", strlen(" A comment "));
data/argyll-2.0.1+repack/jcnf/jcnf.c:1239:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2 = p1 + strlen(p1);
data/argyll-2.0.1+repack/jcnf/jcnf.c:1243:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rv, p1, p2 - p1);
data/argyll-2.0.1+repack/jcnf/test.c:94:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/link/collink.c:2132:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(abs_name,na,MAXNAMEL); abs_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2156:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cal_name,na,MAXNAMEL); cal_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2174:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sgam_name,na,MAXNAMEL); sgam_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2635:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2638:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[fa++],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2643:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(link_name,argv[fa++],MAXNAMEL); link_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2648:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tdlut_name,link_name,MAXNAMEL-4); tdlut_name[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2650:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = tdlut_name + strlen(tdlut_name);
data/argyll-2.0.1+repack/link/collink.c:2659:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tdlut_name,link_name,MAXNAMEL-6); tdlut_name[MAXNAMEL-6] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2661:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = tdlut_name + strlen(tdlut_name);
data/argyll-2.0.1+repack/link/collink.c:2668:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tdlut_name,link_name,MAXNAMEL-6); tdlut_name[MAXNAMEL-6] = '\000';
data/argyll-2.0.1+repack/link/collink.c:2670:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = tdlut_name + strlen(tdlut_name);
data/argyll-2.0.1+repack/link/collink.c:2974:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((li.cal->read(li.cal, cal_name)) != 0)
data/argyll-2.0.1+repack/link/collink.c:3021:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = li.abs_icc->read(li.abs_icc,li.abs_fp,0)) != 0)
data/argyll-2.0.1+repack/link/collink.c:4041:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/link/collink.c:4059:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/link/collink.c:4072:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/link/collink.c:4085:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/link/collink.c:4306:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 31)
data/argyll-2.0.1+repack/link/collink.c:4811:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icc->read(rd_icc,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/link/collink.c:4984:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname,tdlut_name,MAXNAMEL-1); fname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/link/collink.c:4986:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = fname + strlen(fname);
data/argyll-2.0.1+repack/link/collink.c:5126:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname,tdlut_name,MAXNAMEL-1); fname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/link/collink.c:5128:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = fname + strlen(fname);
data/argyll-2.0.1+repack/link/collink.c:5206:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy((char *)h+of, "ArgyllCMS collink", 31); of += 32; /* Creation program */
data/argyll-2.0.1+repack/link/monoplot.c:111:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = in_icco->read(in_icco,in_fp,0)) != 0)
data/argyll-2.0.1+repack/link/monoplot.c:121:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = link_icco->read(link_icco,link_fp,0)) != 0)
data/argyll-2.0.1+repack/link/monoplot.c:131:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = out_icco->read(out_icco,out_fp,0)) != 0)
data/argyll-2.0.1+repack/link/pathplot.c:166:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = in_icco->read(in_icco,in_fp,0)) != 0)
data/argyll-2.0.1+repack/link/pathplot.c:179:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = link_icco->read(link_icco,link_fp,0)) != 0)
data/argyll-2.0.1+repack/link/pathplot.c:189:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = out_icco->read(out_icco,out_fp,0)) != 0)
data/argyll-2.0.1+repack/namedc/namedc.c:240:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(p->pfx);
data/argyll-2.0.1+repack/namedc/namedc.c:248:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(sp);
data/argyll-2.0.1+repack/namedc/namedc.c:259:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, sp, slen);
data/argyll-2.0.1+repack/namedc/namedc.c:269:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(sp);
data/argyll-2.0.1+repack/namedc/namedc.c:351:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->pfx, name, len);
data/argyll-2.0.1+repack/namedc/namedc.c:852:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icco->read(icco, fp, 0) != 0) {
data/argyll-2.0.1+repack/namedc/namedc.c:1314:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inname,argv[fa++],MAXNAMEL); inname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/namedc/namedc.c:1322:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (p->read(p, inname, NAMEDC_OP_NODATA)) {
data/argyll-2.0.1+repack/namedc/namedc.h:79:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _namedc *p, const char *filename, int options);
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:99:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(desc,argv[fa++],MAXNAMEL); desc[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inname,argv[fa++],MAXNAMEL); inname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:105:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa++],MAXNAMEL); outname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:131:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(desc)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:147:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:192:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(wo->prefix,""); /* Prefix for each color name, max 32, null terminated */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:193:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(wo->suffix,""); /* Suffix for each color name, max 32, null terminated */
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:217:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s1, " ");
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:221:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s1, " ");
data/argyll-2.0.1+repack/namedc/txt2iccnc.c:231:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wo->data[i].root,s1,31);
data/argyll-2.0.1+repack/numlib/numsup.c:76:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(argv0);
data/argyll-2.0.1+repack/numlib/numsup.c:146:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(cp);
data/argyll-2.0.1+repack/numlib/numsup.c:149:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ll + 1 + strlen(exe_path) + 1) > PATH_MAX) {
data/argyll-2.0.1+repack/numlib/numsup.c:154:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b1, cp, ll); /* Element of path to search */
data/argyll-2.0.1+repack/numlib/numsup.c:156:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(b1, "/");
data/argyll-2.0.1+repack/numlib/numsup.c:162:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((exe_path = malloc(strlen(b2)+1)) == NULL) {
data/argyll-2.0.1+repack/numlib/numsup.c:163:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1loge(g_log, 1, "set_exe_path: malloc %d bytes failed\n",strlen(b2)+1);
data/argyll-2.0.1+repack/numlib/numsup.c:181:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(exe_path)-1; i >= 0; i--) {
data/argyll-2.0.1+repack/numlib/numsup.c:184:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tpath = malloc(strlen(exe_path + i))) == NULL) {
data/argyll-2.0.1+repack/numlib/numsup.c:185:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1loge(g_log, 1, "set_exe_path: malloc %d bytes failed\n",strlen(exe_path + i));
data/argyll-2.0.1+repack/numlib/numsup.c:196:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(g_log->tag);
data/argyll-2.0.1+repack/numlib/numsup.c:639:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,".");
data/argyll-2.0.1+repack/numlib/numsup.c:641:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/numlib/numsup.c:2358:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv[strlen(rv)-1] = '\000';
data/argyll-2.0.1+repack/numlib/numsup.c:2379:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv[strlen(rv)-1] = '\000';
data/argyll-2.0.1+repack/numlib/numsup.c:2729:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(msec * 1000);
data/argyll-2.0.1+repack/numlib/numsup.c:2869:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%d", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/numlib/numsup.c:2898:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, fmt, p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/numlib/numsup.c:2930:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%.8f", p[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/numlib/numsup.h:194:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define sys_read read
data/argyll-2.0.1+repack/plot/plot.c:2195:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawImageString(mydisplay, mywindow, mygc, xx-6, yy, lab, strlen(lab));
data/argyll-2.0.1+repack/plot/plot.c:2213:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawImageString(mydisplay, mywindow, mygc, xx, yy+4, lab, strlen(lab));
data/argyll-2.0.1+repack/plot/plot.c:2342:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdp->ntext[i], strlen(pdp->ntext[i]));
data/argyll-2.0.1+repack/plot/plot.c:2373:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdp->mtext[i], strlen(pdp->mtext[i]));
data/argyll-2.0.1+repack/plot/vrml.c:1380:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s->name = (char *)malloc(strlen(name) + 10)) == NULL) {
data/argyll-2.0.1+repack/plot/vrml.c:1453:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = s->name + strlen(s->name);
data/argyll-2.0.1+repack/plot/vrml.c:1768:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((x3name = (char *)malloc(strlen(s->name) + 20)) == NULL) {
data/argyll-2.0.1+repack/profile/applycal.c:147:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cal_name,argv[fa++],MAXNAMEL); cal_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/applycal.c:151:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/applycal.c:155:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[fa++],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/applycal.c:165:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cal->read(cal, cal_name)) != 0)
data/argyll-2.0.1+repack/profile/applycal.c:177:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/profile/applycal.c:383:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ro->size = strlen(ro->desc) + 3 + strlen(extra) + 3;
data/argyll-2.0.1+repack/profile/applycal.c:383:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ro->size = strlen(ro->desc) + 3 + strlen(extra) + 3;
data/argyll-2.0.1+repack/profile/cb2ti3.c:192:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/colprof.c:821:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ipname,na,MAXNAMEL); ipname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/colprof.c:830:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sgname,na,MAXNAMEL); sgname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/colprof.c:838:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(absstring,na,MAXNAMEL*3); absstring[MAXNAMEL*3] = '\000';
data/argyll-2.0.1+repack/profile/colprof.c:970:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,na,MAXNAMEL); outname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/colprof.c:981:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(baname,argv[fa++],MAXNAMEL-4); baname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/profile/colverify.c:267:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(histoname,na,MAXNAMEL); histoname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/colverify.c:409:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gprofname,na,MAXNAMEL-1); gprofname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/profile/colverify.c:416:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccmxname,na,MAXNAMEL-1); ccmxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/profile/colverify.c:437:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cg[0].name,argv[fa++],MAXNAMEL); cg[0].name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/colverify.c:440:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cg[1].name,argv[fa],MAXNAMEL); cg[1].name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/colverify.c:447:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/profile/colverify.c:464:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,fp,0)) != 0)
data/argyll-2.0.1+repack/profile/invprofcheck.c:267:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/invprofcheck.c:269:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,in_name,MAXNAMEL-4); out_name[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/profile/invprofcheck.c:271:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/profile/invprofcheck.c:282:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/profile/kodak2ti3.c:158:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/kodak2ti3.c:267:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf, "KCMSPATCHFILE 2 1", strlen("KCMSPATCHFILE 2 1")) != 0) {
data/argyll-2.0.1+repack/profile/kodak2ti3.c:275:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf, "928", strlen("928")) != 0) {
data/argyll-2.0.1+repack/profile/ls2ti3.c:162:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inname,argv[fa++],MAXNAMEL); inname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/ls2ti3.c:165:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa++],MAXNAMEL-4); outname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/profile/ls2ti3.c:304:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/printcal.c:142:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _pcaltarg *p, cgats *cg, int tab); /* return nz on error */
data/argyll-2.0.1+repack/profile/printcal.c:177:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/printcal.c:860:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(calname,argv[fa++],MAXNAMEL-4); calname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/profile/printcal.c:864:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(baname,argv[fa++],MAXNAMEL-4); baname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/profile/printcal.c:966:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (pct->read(pct, tcg, 1) != 0)
data/argyll-2.0.1+repack/profile/printcal.c:2138:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/printcal.c:2197:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/printcal.c:2273:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "w");
data/argyll-2.0.1+repack/profile/printcal.c:2275:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/profile/profcheck.c:256:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (tp = buf, i = 0; i < ndv; i++, tp += strlen(tp) + 1) {
data/argyll-2.0.1+repack/profile/profcheck.c:417:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ti3name,argv[fa++],MAXNAMEL); ti3name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/profcheck.c:420:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iccname,argv[fa++],MAXNAMEL); iccname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/profcheck.c:422:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,iccname,MAXNAMEL-4); out_name[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/profile/profcheck.c:424:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/profile/profcheck.c:716:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tpat[i].slo, "");
data/argyll-2.0.1+repack/profile/profcheck.c:893:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tpat[i].slo, "");
data/argyll-2.0.1+repack/profile/profcheck.c:954:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/profile/profcheck.c:1090:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = outname + strlen(outname);
data/argyll-2.0.1+repack/profile/profin.c:390:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/profile/profin.c:408:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/profile/profin.c:421:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/profile/profin.c:434:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/profile/profin.c:1277:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/profile/profout.c:1133:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/profile/profout.c:1151:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/profile/profout.c:1164:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/profile/profout.c:1177:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/profile/profout.c:1241:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) > 31)
data/argyll-2.0.1+repack/profile/profout.c:2316:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = abs_icc[i]->read(abs_icc[i],abs_fp[i],0)) != 0)
data/argyll-2.0.1+repack/profile/profout.c:3205:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/profile/simpprof.c:268:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/splitti3.c:152:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/splitti3.c:155:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name1,argv[fa++],MAXNAMEL); out_name1[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/splitti3.c:158:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name2,argv[fa++],MAXNAMEL); out_name2[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/profile/txt2ti3.c:582:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/profile/txt2ti3.c:829:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/render/render.c:573:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt.text_length = strlen(txt.text);
data/argyll-2.0.1+repack/render/timage.c:173:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa++],MAXNAMEL); outname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/rspl/gam.c:1020:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/rspl/rev.c:12504:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%f:%f", min[e],max[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/rspl/rev.c:12786:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/rspl/rev.c:13011:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/rspl/rev.c:13077:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/rspl/rev.c:13220:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/scanin/scanin.c:329:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datout_name,na,MAXNAMEL); datout_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:339:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tiffin_name,argv[fa],MAXNAMEL); tiffin_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:347:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datout_name,argv[fa],MAXNAMEL); datout_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:349:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = datout_name + strlen(datout_name);
data/argyll-2.0.1+repack/scanin/scanin.c:358:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(recog_name,argv[fa],MAXNAMEL); recog_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:362:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prof_name,argv[fa],MAXNAMEL); prof_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:370:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(datin_name,argv[fa],MAXNAMEL); datin_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:384:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(diag_name,argv[fa],MAXNAMEL); diag_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/scanin/scanin.c:536:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/scanin/scanin.c:560:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sr->read(sr, id, NULL, P, NULL, &pixcnt) != 0)
data/argyll-2.0.1+repack/scanin/scanin.c:563:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sr->read(sr, id, P, NULL, NULL, &pixcnt) != 0)
data/argyll-2.0.1+repack/scanin/scanin.c:700:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sr->read(sr, loc, NULL, P, NULL, &pixcnt);
data/argyll-2.0.1+repack/scanin/scanin.c:702:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sr->read(sr, loc, P, NULL, NULL, &pixcnt);
data/argyll-2.0.1+repack/scanin/scanin.c:800:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/scanin/scanin.c:1011:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) == 0) {
data/argyll-2.0.1+repack/scanin/scanin.c:1068:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sr->read(sr, loc, NULL, P, NULL, &pixcnt);
data/argyll-2.0.1+repack/scanin/scanin.c:1070:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sr->read(sr, loc, P, NULL, NULL, &pixcnt);
data/argyll-2.0.1+repack/scanin/scanin.c:1199:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/scanin/scanin.c:1345:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sr->read(sr, tod, NULL, P, sdP, &pixcnt);
data/argyll-2.0.1+repack/scanin/scanin.c:1347:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sr->read(sr, tod, P, NULL, sdP, &pixcnt);
data/argyll-2.0.1+repack/scanin/scanrd.c:1958:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/argyll-2.0.1+repack/scanin/scanrd.c:2058:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rv = getc(elf)) != '\n' && rv != EOF);
data/argyll-2.0.1+repack/scanin/scanrd.c:2076:6: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if(fscanf(elf," %19s %19s %19s %19s %19s %lf %lf %lf %lf %lf %lf",xfirst ,xfix1, xfix2, yfix1, yfix2, &w, &h, &ox, &oy, &xi, &yi) != 11) {
data/argyll-2.0.1+repack/scanin/scanrd.c:2154:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rv = getc(elf)) != '\n' && rv != EOF);
data/argyll-2.0.1+repack/scanin/scanrd.c:2170:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rv = getc(elf)) != '\n' && rv != EOF);
data/argyll-2.0.1+repack/scanin/scanrd.c:2200:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rv = getc(elf)) != '\n' && rv != EOF);
data/argyll-2.0.1+repack/scanin/scanrd.c:2227:14: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((rv = fscanf(elf,"EXPECTED %19s %d ",csps, &nxpt)) == 2) {
data/argyll-2.0.1+repack/scanin/scanrd.c:2244:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rv = getc(elf)) != '\n' && rv != EOF);
data/argyll-2.0.1+repack/scanin/scanrd.c:2251:8: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (fscanf(elf," %19s %lf %lf %lf ",
data/argyll-2.0.1+repack/scanin/scanrd.c:4356:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(is);
data/argyll-2.0.1+repack/scanin/scanrd.h:86:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _scanrd *s,
data/argyll-2.0.1+repack/spectro/aglob.c:109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tpath = malloc(4 * strlen(spath)+1)) == NULL) {
data/argyll-2.0.1+repack/spectro/aglob.c:162:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fpath = malloc(strlen(g->base) + strlen(g->ffs.name) + 1)) == NULL) {
data/argyll-2.0.1+repack/spectro/aglob.c:162:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fpath = malloc(strlen(g->base) + strlen(g->ffs.name) + 1)) == NULL) {
data/argyll-2.0.1+repack/spectro/average.c:172:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inps[ninps].name,argv[fa],MAXNAMEL);
data/argyll-2.0.1+repack/spectro/ccwin.c:256:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mg_write(conn, sbuf, strlen(sbuf));
data/argyll-2.0.1+repack/spectro/ccwin.c:266:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mg_write(conn, sbuf, strlen(sbuf));
data/argyll-2.0.1+repack/spectro/ccxxmake.c:310:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(innames[0],cna,MAXNAMEL-1); innames[0][MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/ccxxmake.c:316:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(innames[0],cna,MAXNAMEL-1); innames[0][MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/ccxxmake.c:317:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(innames[1],f1,MAXNAMEL-1); innames[1][MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/ccxxmake.c:597:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa++],MAXNAMEL-1); outname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/ccxxmake.c:689:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(disp) + strlen(tt) + 1)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:689:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(disp) + strlen(tt) + 1)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:959:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((colname = malloc(strlen(tt) + strlen(oname) + 3)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:959:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((colname = malloc(strlen(tt) + strlen(oname) + 3)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:964:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colname, ")");
data/argyll-2.0.1+repack/spectro/ccxxmake.c:968:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(colname) + strlen(disp) + 4)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:968:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(colname) + strlen(disp) + 4)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1310:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, rdcols, npat, 1, npat, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1382:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(disp) + strlen(tt) + 1)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1382:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(disp) + strlen(tt) + 1)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1448:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((colname = malloc(strlen(tt) + strlen(oname) + 3)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1448:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((colname = malloc(strlen(tt) + strlen(oname) + 3)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1453:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colname, ")");
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1457:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(colname) + strlen(disp) + 4)) == NULL)
data/argyll-2.0.1+repack/spectro/ccxxmake.c:1457:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((description = malloc(strlen(colname) + strlen(disp) + 4)) == NULL)
data/argyll-2.0.1+repack/spectro/chartread.c:776:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vals[i].loc, scols[i]->loc, ICOM_MAX_LOC_LEN-1);
data/argyll-2.0.1+repack/spectro/chartread.c:2293:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/chartread.c:2427:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(calname,na,MAXNAMEL); calname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/chartread.c:2495:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/chartread.c:2498:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/chartread.c:2524:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/chartread.c:2602:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(cp) + 1;
data/argyll-2.0.1+repack/spectro/chartread.c:2793:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cal->read(cal, calname)) != 0)
data/argyll-2.0.1+repack/spectro/conv.c:512:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(STDIN_FILENO, tb, 1) > 0) { /* User hit a key */
data/argyll-2.0.1+repack/spectro/conv.c:557:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(STDIN_FILENO, tb, 1) > 0) { /* User hit a key */
data/argyll-2.0.1+repack/spectro/dispcal.c:1469:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, ttt, 17, 1, 17, 1, 0, instNoClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:1482:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, t2, 17, 1, 17, 1, 0, instNoClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:1930:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/dispcal.c:2074:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iccoutname,na,MAXNAMEL); iccoutname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/dispcal.c:2298:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/dispcal.c:2301:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/dispcal.c:2362:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa],MAXNAMEL-4); outname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/spectro/dispcal.c:2365:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iccoutname,argv[fa++],MAXNAMEL-4); iccoutname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/spectro/dispcal.c:2442:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 3, 1, 3, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:2503:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, ttt, res_samps, 1, res_samps, 1, 0, instNoClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:2924:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,ic_fp,0)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3131:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 3, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3158:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols+1, 1, 0, 0, 1, ' ',instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3208:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, ccols, 3, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3225:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 1, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3284:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 1, 0, 0, 1, ' ', instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3406:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 1, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3432:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 1, 0, 0, 1, ' ', instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3479:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, ccols, 3, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3496:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 3, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3546:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols+1, 1, 0, 0, 1, ' ', instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3644:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols, 3, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3665:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, tcols+3, 1, 0, 0, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:3867:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, base, 9, 1, 9, 1, 0, instNoClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:4007:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, cols, isteps * 4, 1, isteps * 4, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:4193:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, set, 1, i+1, nn+3, 1, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:4684:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, set, 1, rsteps-i, rsteps, 0, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:4797:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, set, 1, rsteps-i, rsteps, 0, 0, instClamp)) != 0
data/argyll-2.0.1+repack/spectro/dispcal.c:4798:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| (rv = dr->read(dr, set+1, 1, rsteps-i, rsteps, 0, 0, instClamp)) != 0
data/argyll-2.0.1+repack/spectro/dispcal.c:4799:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| (rv = dr->read(dr, set+2, 1, rsteps-i, rsteps, 0, 0, instClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispcal.c:5263:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/dispcal.c:5399:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/dispcal.c:5456:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,ic_fp,0)) != 0)
data/argyll-2.0.1+repack/spectro/dispcal.c:5720:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/spectro/dispcal.c:5738:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/spectro/dispcal.c:5751:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/spectro/dispcal.c:5764:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/spectro/dispread.c:437:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(calname,na,MAXNAMEL); calname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/dispread.c:513:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/dispread.c:657:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/dispread.c:660:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/dispread.c:720:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inname,argv[fa++],MAXNAMEL-4); inname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/spectro/dispread.c:746:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/dispread.c:946:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dr->read(dr, cols, npat + xpat, 1, npat + xpat, 1, 0, instNoClamp)) != 0) {
data/argyll-2.0.1+repack/spectro/dispsup.c:421:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cmd = malloc(strlen(p->scallout) + 200)) == NULL)
data/argyll-2.0.1+repack/spectro/dispsup.c:1827:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cmd = malloc(strlen(p->mcallout) + 200)) == NULL)
data/argyll-2.0.1+repack/spectro/dispsup.c:2496:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (p->fake_icc->read(p->fake_icc,p->fake_fp,0) == 0) {
data/argyll-2.0.1+repack/spectro/dispsup.h:166:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _disprd *p,
data/argyll-2.0.1+repack/spectro/disptechs.c:424:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
osel += strlen(osel);
data/argyll-2.0.1+repack/spectro/dispwin.c:295:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((w = malloc(sizeof(unsigned short) * (strlen(s) + 1))) == NULL)
data/argyll-2.0.1+repack/spectro/dispwin.c:360:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(disps[i]->monid, ""); /* We won't be able to set a profile */
data/argyll-2.0.1+repack/spectro/dispwin.c:541:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(desc, v, 49);
data/argyll-2.0.1+repack/spectro/dispwin.c:592:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dnbuf,dname,99); dnbuf[99] = '\000';
data/argyll-2.0.1+repack/spectro/dispwin.c:598:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dnbuf,"0");
data/argyll-2.0.1+repack/spectro/dispwin.c:1604:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (basename = fname + strlen(fname); ; basename--) {
data/argyll-2.0.1+repack/spectro/dispwin.c:1624:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(home) + strlen(dirname) + strlen(basename) + 1;
data/argyll-2.0.1+repack/spectro/dispwin.c:1624:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(home) + strlen(dirname) + strlen(basename) + 1;
data/argyll-2.0.1+repack/spectro/dispwin.c:1624:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(home) + strlen(dirname) + strlen(basename) + 1;
data/argyll-2.0.1+repack/spectro/dispwin.c:1938:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,rd_fp,0)) != 0) {
data/argyll-2.0.1+repack/spectro/dispwin.c:1986:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/spectro/dispwin.c:2035:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ppath = malloc(strlen(tpath) + 6)) == NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2174:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tpath) > 255) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2178:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ppath = malloc(strlen(tpath) + 6)) == NULL) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2195:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tploc.u.pathLoc.path, tpath, 255);
data/argyll-2.0.1+repack/spectro/dispwin.c:2594:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(colpath) + strlen(basename) + 2) > MAX_PATH) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2594:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(colpath) + strlen(basename) + 2) > MAX_PATH) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2599:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colpath, "\\");
data/argyll-2.0.1+repack/spectro/dispwin.c:2831:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (basename = fname + strlen(fname); ; basename--) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2837:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dpath) + strlen(basename) + 2) > FILENAME_MAX
data/argyll-2.0.1+repack/spectro/dispwin.c:2837:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dpath) + strlen(basename) + 2) > FILENAME_MAX
data/argyll-2.0.1+repack/spectro/dispwin.c:2838:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(dpath) + strlen(basename) + 2) > 256) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2838:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(dpath) + strlen(basename) + 2) > 256) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2842:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dpath, "/");
data/argyll-2.0.1+repack/spectro/dispwin.c:2850:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ploc.u.pathLoc.path, fname, 255);
data/argyll-2.0.1+repack/spectro/dispwin.c:2863:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dploc.u.pathLoc.path, dpath, 255);
data/argyll-2.0.1+repack/spectro/dispwin.c:2961:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(colpath) + strlen(basename) + 2) > MAX_PATH) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2961:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(colpath) + strlen(basename) + 2) > MAX_PATH) {
data/argyll-2.0.1+repack/spectro/dispwin.c:2966:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(colpath, "\\");
data/argyll-2.0.1+repack/spectro/dispwin.c:3151:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (basename = fname + strlen(fname); ; basename--) {
data/argyll-2.0.1+repack/spectro/dispwin.c:3157:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dpath) + strlen(basename) + 2) > FILENAME_MAX
data/argyll-2.0.1+repack/spectro/dispwin.c:3157:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dpath) + strlen(basename) + 2) > FILENAME_MAX
data/argyll-2.0.1+repack/spectro/dispwin.c:3158:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(dpath) + strlen(basename) + 2) > 256) {
data/argyll-2.0.1+repack/spectro/dispwin.c:3158:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (strlen(dpath) + strlen(basename) + 2) > 256) {
data/argyll-2.0.1+repack/spectro/dispwin.c:3162:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dpath, "/");
data/argyll-2.0.1+repack/spectro/dispwin.c:3299:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(name, "Display", mxlen);
data/argyll-2.0.1+repack/spectro/dispwin.c:3376:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(name, "Display", mxlen);
data/argyll-2.0.1+repack/spectro/dispwin.c:3404:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, profile, mxlen);
data/argyll-2.0.1+repack/spectro/dispwin.c:3499:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, aname, mxlen);
data/argyll-2.0.1+repack/spectro/dispwin.c:4207:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((cmd = malloc(strlen(p->callout) + 200)) == NULL)
data/argyll-2.0.1+repack/spectro/dispwin.c:5858:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dnbuf,disp->name,99); dnbuf[99] = '\000';
data/argyll-2.0.1+repack/spectro/dispwin.c:5864:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dnbuf,"0");
data/argyll-2.0.1+repack/spectro/dispwin.c:6001:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icco->read(icco, rd_fp,0) != 0) { /* Read ICC OK */
data/argyll-2.0.1+repack/spectro/dispwin.c:6398:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pcname,na,MAXNAMEL); pcname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/dispwin.c:6427:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sname,na,MAXNAMEL); sname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/dispwin.c:6491:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(calname,argv[fa++],MAXNAMEL); calname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/dispwin.c:6605:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/dispwin.c:6715:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icco->read(icco, rd_fp,0) == 0) { /* Read ICC OK */
data/argyll-2.0.1+repack/spectro/dispwin.c:6994:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7013:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7029:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7045:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7060:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7068:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7076:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7084:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7092:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7100:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7108:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7116:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7124:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7132:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7140:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7148:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7156:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7164:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7172:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dispwin.c:7189:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/argyll-2.0.1+repack/spectro/dtp20.c:94:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/argyll-2.0.1+repack/spectro/dtp20.c:139:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
insize = strlen(in);
data/argyll-2.0.1+repack/spectro/dtp20.c:147:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, out, bsize, NULL, tc, ntc, to)) != 0) {
data/argyll-2.0.1+repack/spectro/dtp20.c:160:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p->icom->read(p->icom, buf, MAX_MES_SIZE, NULL, tc, ntc, 0.5);
data/argyll-2.0.1+repack/spectro/dtp20.c:186:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
insize = strlen(in);
data/argyll-2.0.1+repack/spectro/dtp20.c:386:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf) < 12
data/argyll-2.0.1+repack/spectro/dtp20.c:537:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*tp == '\000' || strlen(tp) > 40)
data/argyll-2.0.1+repack/spectro/dtp20.c:551:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp20.c:770:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*tp == '\000' || strlen(tp) > 40)
data/argyll-2.0.1+repack/spectro/dtp20.c:784:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp20.c:1009:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*buf == '\000' || strlen(buf) > 40)
data/argyll-2.0.1+repack/spectro/dtp22.c:95:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/argyll-2.0.1+repack/spectro/dtp22.c:322:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf) < 12
data/argyll-2.0.1+repack/spectro/dtp22.c:359:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen("Serial Number:");
data/argyll-2.0.1+repack/spectro/dtp22.c:365:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen("OEM Serial #:");
data/argyll-2.0.1+repack/spectro/dtp22.c:371:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen("Cal Plaque Serial #:");
data/argyll-2.0.1+repack/spectro/dtp22.c:500:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, buf, MAX_MES_SIZE, NULL, ">", 1, 1.0)) != 0) {
data/argyll-2.0.1+repack/spectro/dtp22.c:519:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buf) >= 4
data/argyll-2.0.1+repack/spectro/dtp22.c:602:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = buf + strlen(buf) + 1;
data/argyll-2.0.1+repack/spectro/dtp22.c:606:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp22.c:616:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp22.c:734:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, buf, MAX_MES_SIZE, NULL, ">", 1, 1.0)) != 0) {
data/argyll-2.0.1+repack/spectro/dtp22.c:749:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(buf) >= 4
data/argyll-2.0.1+repack/spectro/dtp41.c:75:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/argyll-2.0.1+repack/spectro/dtp41.c:363:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf) < 12
data/argyll-2.0.1+repack/spectro/dtp41.c:618:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp41.c:639:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tp) < (31 * 8 - 1)) {
data/argyll-2.0.1+repack/spectro/dtp41.c:656:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp41.c:796:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp41.c:837:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tp) < (31 * 8 - 1)) {
data/argyll-2.0.1+repack/spectro/dtp41.c:850:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp51.c:78:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/argyll-2.0.1+repack/spectro/dtp51.c:162:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, out, bsize, NULL, tc, ntc, to)) != 0) {
data/argyll-2.0.1+repack/spectro/dtp51.c:381:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf) < 12
data/argyll-2.0.1+repack/spectro/dtp51.c:554:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp += strlen(tp) + 1;
data/argyll-2.0.1+repack/spectro/dtp92.c:82:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s);
data/argyll-2.0.1+repack/spectro/dtp92.c:357:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (getchar() == 'Y') {
data/argyll-2.0.1+repack/spectro/dtp92.c:405:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf) < 12
data/argyll-2.0.1+repack/spectro/fakeread.c:282:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sepname,na,MAXNAMEL); sepname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:305:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(odispname,cp+1,MAXNAMEL); odispname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:325:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(odispname,na,MAXNAMEL); odispname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:358:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(calname,na,MAXNAMEL); calname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:426:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(profname,argv[fa++],MAXNAMEL); profname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:429:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inname,argv[fa],MAXNAMEL-4); inname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:434:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa],MAXNAMEL-4); outname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/spectro/fakeread.c:513:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = sep_icco->read(sep_icco,sep_fp,0)) == 0) {
data/argyll-2.0.1+repack/spectro/fakeread.c:537:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cal->read(cal, calname)) != 0)
data/argyll-2.0.1+repack/spectro/fakeread.c:557:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icc_icco->read(icc_icco,icc_fp,0)) == 0) {
data/argyll-2.0.1+repack/spectro/fakeread.c:808:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (oicco->read(oicco,ofp,0))
data/argyll-2.0.1+repack/spectro/fakeread.c:906:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/hcfr.c:129:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rv = c->read(c, buf, MAX_MES_SIZE, NULL, NULL, 100000, 0.05);
data/argyll-2.0.1+repack/spectro/hcfr.c:161:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) < 6) {
data/argyll-2.0.1+repack/spectro/hcfr.c:219:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) < 156) {
data/argyll-2.0.1+repack/spectro/hcfr.c:220:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a1logd(p->log, 1, "hcfr_get_rgb: not enough bytes returned = expected %d, got %d\n",156,strlen(buf));
data/argyll-2.0.1+repack/spectro/hcfr.c:234:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); div = (double)atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:236:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); mul = (double)atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:242:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); den = atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:243:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); den = (den << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:244:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); den = (den << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:245:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); den = (den << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:247:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); num = atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hcfr.c:248:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vbuf, bp, 3); num = (num << 8) + atoi(vbuf); bp += 3;
data/argyll-2.0.1+repack/spectro/hidio.c:209:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) < 8)
data/argyll-2.0.1+repack/spectro/hidio.c:219:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cp) < 8)
data/argyll-2.0.1+repack/spectro/hidio.c:250:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((hidd->dpath = calloc(1, strlen(pdidd->DevicePath)+2)) == NULL) {
data/argyll-2.0.1+repack/spectro/hidio.c:258:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hidd->dpath, "\\");
data/argyll-2.0.1+repack/spectro/hidio.c:469:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dpath, "/");
data/argyll-2.0.1+repack/spectro/i1d3.c:426:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)rv, (char *)fromdev + 2, 63);
data/argyll-2.0.1+repack/spectro/i1d3.c:477:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)rv, (char *)fromdev + 2, 31);
data/argyll-2.0.1+repack/spectro/i1d3.c:523:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)rv, (char *)fromdev + 2, 31);
data/argyll-2.0.1+repack/spectro/i1d3.c:546:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)rv, (char *)fromdev + 2, 31);
data/argyll-2.0.1+repack/spectro/i1d3.c:2040:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->serial_no, (char *)buf + 0x10, 20);
data/argyll-2.0.1+repack/spectro/i1d3.c:2043:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->vers_no, (char *)buf + 0x2C, 10);
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:693:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:700:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4303:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "w");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4308:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4428:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "r");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:4433:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11097:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11141:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:11629:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/i1pro_imp.c:12875:13: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/icoms.c:771:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p->read(p, tbuf, 500, &bread, NULL, 500, 0.02);
data/argyll-2.0.1+repack/spectro/icoms.c:793:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rv = p->read(p, rbuf, bsize, bread, tc, ntc, tout);
data/argyll-2.0.1+repack/spectro/icoms.c:1038:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d += strlen(d);
data/argyll-2.0.1+repack/spectro/icoms.h:482:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(
data/argyll-2.0.1+repack/spectro/icoms_nt.c:498:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wbuf);
data/argyll-2.0.1+repack/spectro/icoms_ux.c:244:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen (de->d_name) < 7)
data/argyll-2.0.1+repack/spectro/icoms_ux.c:256:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((dpath = (char *)malloc(strlen(dirn) + strlen(de->d_name) + 1)) == NULL) {
data/argyll-2.0.1+repack/spectro/icoms_ux.c:256:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((dpath = (char *)malloc(strlen(dirn) + strlen(de->d_name) + 1)) == NULL) {
data/argyll-2.0.1+repack/spectro/icoms_ux.c:769:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wbuf);
data/argyll-2.0.1+repack/spectro/icoms_ux.c:888:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rbytes = read(p->fd, rbuf, bsize);
data/argyll-2.0.1+repack/spectro/illumread.c:425:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa++],MAXNAMEL-1); outname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/illumread.c:430:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tnp = tname + strlen(tname);
data/argyll-2.0.1+repack/spectro/inst.c:950:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list[nlist-1].sel, ss_list[i].sel, INST_DTYPE_SEL_LEN);
data/argyll-2.0.1+repack/spectro/inst.c:953:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list[nlist-1].desc, ss_list[i].desc, INST_DTYPE_DESC_LEN);
data/argyll-2.0.1+repack/spectro/inst.c:999:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list[nlist-1].sel, ss_list[i].sel, INST_DTYPE_SEL_LEN);
data/argyll-2.0.1+repack/spectro/inst.c:1002:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(list[nlist-1].desc, ss_list[i].desc, INST_DTYPE_DESC_LEN);
data/argyll-2.0.1+repack/spectro/inst.c:1190:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tech) + strlen(disp) + 4;
data/argyll-2.0.1+repack/spectro/inst.c:1190:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tech) + strlen(disp) + 4;
data/argyll-2.0.1+repack/spectro/inst.c:1219:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pp, ")");
data/argyll-2.0.1+repack/spectro/inst.c:1322:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tech) + strlen(disp) + 4;
data/argyll-2.0.1+repack/spectro/inst.c:1322:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tech) + strlen(disp) + 4;
data/argyll-2.0.1+repack/spectro/inst.c:1351:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pp, ")");
data/argyll-2.0.1+repack/spectro/inst.c:1517:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(bp) >= 4
data/argyll-2.0.1+repack/spectro/inst.c:1528:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/argyll-2.0.1+repack/spectro/inst.c:1556:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p->read(p, buf, BUFSZ, &bread, NULL, BUFSZ, 0.1);
data/argyll-2.0.1+repack/spectro/inst.c:1598:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bp = strrchr(buf, '!')) != NULL && strlen(bp) >= 13) {
data/argyll-2.0.1+repack/spectro/inst.c:1669:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/argyll-2.0.1+repack/spectro/inst.c:1899:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/argyll-2.0.1+repack/spectro/inst.c:1966:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) >= 41) {
data/argyll-2.0.1+repack/spectro/inst.c:1980:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) >= 12) {
data/argyll-2.0.1+repack/spectro/inst.c:2004:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p->read(p, buf, BUFSZ, &bread, NULL, BUFSZ, 0.1);
data/argyll-2.0.1+repack/spectro/inst.c:2106:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cp, inst_mode_sym[i].sym, 4);
data/argyll-2.0.1+repack/spectro/instappsup.c:449:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, oline, pstart);
data/argyll-2.0.1+repack/spectro/instappsup.c:452:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
olen = strlen(oline); /* lenth of option part of line */
data/argyll-2.0.1+repack/spectro/instappsup.c:503:8: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(extra, ",");
data/argyll-2.0.1+repack/spectro/instappsup.c:506:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(extra + strlen(extra), "CB%d",sels[j].cbid);
data/argyll-2.0.1+repack/spectro/instappsup.c:508:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(extra, "]");
data/argyll-2.0.1+repack/spectro/kleink10.c:160:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tt, f+1, p-f-1);
data/argyll-2.0.1+repack/spectro/kleink10.c:216:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bwrite = strlen((char *)in);
data/argyll-2.0.1+repack/spectro/kleink10.c:217:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)cmd, (char *)in, 2);
data/argyll-2.0.1+repack/spectro/kleink10.c:285:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
adump_bytes(p->log, " ", (unsigned char *)in, 0, strlen((char *)in));
data/argyll-2.0.1+repack/spectro/kleink10.c:309:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, out, bsize, &bread, tc, nchar, to)) != ICOM_OK) {
data/argyll-2.0.1+repack/spectro/kleink10.c:443:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->serial_no, buf+9, 9);
data/argyll-2.0.1+repack/spectro/kleink10.c:508:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->firm_ver, buf+2, 8);
data/argyll-2.0.1+repack/spectro/mongoose.c:172:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read(x, y, z) _read((x), (y), (unsigned) z)
data/argyll-2.0.1+repack/spectro/mongoose.c:252:21: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define mg_sleep(x) usleep((x) * 1000)
data/argyll-2.0.1+repack/spectro/mongoose.c:608:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, inet_ntoa(usa->sin.sin_addr), len);
data/argyll-2.0.1+repack/spectro/mongoose.c:720:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mg_strndup(str, strlen(str));
data/argyll-2.0.1+repack/spectro/mongoose.c:853:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list = val->ptr + strlen(val->ptr);
data/argyll-2.0.1+repack/spectro/mongoose.c:894:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(str + j);
data/argyll-2.0.1+repack/spectro/mongoose.c:1025:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path + i + 2, strlen(path + i + 1));
data/argyll-2.0.1+repack/spectro/mongoose.c:1038:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf) - 1;
data/argyll-2.0.1+repack/spectro/mongoose.c:1499:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(fileno(fp), buf, (size_t) len);
data/argyll-2.0.1+repack/spectro/mongoose.c:1680:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/argyll-2.0.1+repack/spectro/mongoose.c:1722:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (int) strlen(cookie_name);
data/argyll-2.0.1+repack/spectro/mongoose.c:1723:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = s + strlen(s);
data/argyll-2.0.1+repack/spectro/mongoose.c:1769:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = buf + strlen(buf); p > buf + 1; p--) {
data/argyll-2.0.1+repack/spectro/mongoose.c:1773:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(conn->ctx->config[CGI_EXTENSIONS]), buf) > 0 &&
data/argyll-2.0.1+repack/spectro/mongoose.c:1781:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 2, p + 1, strlen(p + 1) + 1); // +1 is for trailing \0
data/argyll-2.0.1+repack/spectro/mongoose.c:1849:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (((sscanf(datetime, "%d/%3s/%d %d:%d:%d",
data/argyll-2.0.1+repack/spectro/mongoose.c:1851:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(sscanf(datetime, "%d %3s %d %d:%d:%d",
data/argyll-2.0.1+repack/spectro/mongoose.c:1853:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(sscanf(datetime, "%*3s, %d %3s %d %d:%d:%d",
data/argyll-2.0.1+repack/spectro/mongoose.c:1855:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(sscanf(datetime, "%d-%3s-%d %d:%d:%d",
data/argyll-2.0.1+repack/spectro/mongoose.c:1946:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(path);
data/argyll-2.0.1+repack/spectro/mongoose.c:1967:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(path);
data/argyll-2.0.1+repack/spectro/mongoose.c:1982:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vec->len = strlen(vec->ptr);
data/argyll-2.0.1+repack/spectro/mongoose.c:2196:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MD5Update(&ctx, (const unsigned char *) p, (unsigned) strlen(p));
data/argyll-2.0.1+repack/spectro/mongoose.c:2219:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(response) != 32
data/argyll-2.0.1+repack/spectro/mongoose.c:2253:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = path, e = p + strlen(p) - 1; e > p; e--)
data/argyll-2.0.1+repack/spectro/mongoose.c:2573:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return match_prefix(pw_pattern, strlen(pw_pattern), path) > 0 ||
data/argyll-2.0.1+repack/spectro/mongoose.c:2574:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(pattern != NULL && match_prefix(pattern, strlen(pattern), path) > 0);
data/argyll-2.0.1+repack/spectro/mongoose.c:2900:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(path);
data/argyll-2.0.1+repack/spectro/mongoose.c:3399:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) mg_snprintf(conn, path + strlen(path),
data/argyll-2.0.1+repack/spectro/mongoose.c:3400:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(path) - strlen(path), "%s", file_name);
data/argyll-2.0.1+repack/spectro/mongoose.c:3412:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(conn->ctx->config[SSI_EXTENSIONS]), path) > 0) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3450:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fp)) != EOF) {
data/argyll-2.0.1+repack/spectro/mongoose.c:3745:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1Update(&sha_ctx, (unsigned char *) buf, strlen(buf));
data/argyll-2.0.1+repack/spectro/mongoose.c:3892:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_len = (int) strlen(ri->uri);
data/argyll-2.0.1+repack/spectro/mongoose.c:3943:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(conn->ctx->config[CGI_EXTENSIONS]),
data/argyll-2.0.1+repack/spectro/mongoose.c:3954:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(conn->ctx->config[SSI_EXTENSIONS]),
data/argyll-2.0.1+repack/spectro/munki_imp.c:1471:26: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
double fulimit = sqrt(ulimit); /* Fast exit limit */
data/argyll-2.0.1+repack/spectro/munki_imp.c:1477:45: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
a1logd(p->log,3,"ulimit %f, llimit %f\n",ulimit,llimit);
data/argyll-2.0.1+repack/spectro/munki_imp.c:1548:17: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
if (scale > ulimit || scale < llimit) {
data/argyll-2.0.1+repack/spectro/munki_imp.c:1549:93: [1] (obsolete) ulimit:
This C routine is considered obsolete (as opposed to the shell command by
the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2),
setrlimit(2), and sysconf(3) instead.
a1logd(p->log,1,"White calibration failed - didn't converge (%f %f %f)\n",llimit,scale,ulimit);
data/argyll-2.0.1+repack/spectro/munki_imp.c:3178:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "w");
data/argyll-2.0.1+repack/spectro/munki_imp.c:3183:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/spectro/munki_imp.c:3298:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "r");
data/argyll-2.0.1+repack/spectro/munki_imp.c:3300:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8400:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/munki_imp.c:8860:11: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9266:9: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/munki_imp.c:9273:9: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
bp += sprintf(bp,"\n");
data/argyll-2.0.1+repack/spectro/oemarch.c:572:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(buf + i) + 1;
data/argyll-2.0.1+repack/spectro/oemarch.c:612:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((sl = strlen(buf.f_mntfromname)) > 3
data/argyll-2.0.1+repack/spectro/oemarch.c:674:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ivol) - 5 + strlen(usr) + 1;
data/argyll-2.0.1+repack/spectro/oemarch.c:674:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(ivol) - 5 + strlen(usr) + 1;
data/argyll-2.0.1+repack/spectro/oemarch.c:679:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vol, ivol, cp-ivol);
data/argyll-2.0.1+repack/spectro/oemarch.c:711:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ap = buf + strlen(buf);
data/argyll-2.0.1+repack/spectro/oemarch.c:758:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ap = tname + strlen(tname);
data/argyll-2.0.1+repack/spectro/oemarch.c:928:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pfx) + strlen(cp) + 1;
data/argyll-2.0.1+repack/spectro/oemarch.c:928:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pfx) + strlen(cp) + 1;
data/argyll-2.0.1+repack/spectro/oemarch.c:1012:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen(name); /* length excluding null */
data/argyll-2.0.1+repack/spectro/oemarch.c:1469:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ccssname = malloc(strlen(edrname) + 10)) == NULL)
data/argyll-2.0.1+repack/spectro/oemarch.c:1475:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ccssname) > 4
data/argyll-2.0.1+repack/spectro/oemarch.c:1476:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& (strncmp(ccssname + strlen(ccssname) -4, ".edr", 4) == 0
data/argyll-2.0.1+repack/spectro/oemarch.c:1477:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strncmp(ccssname + strlen(ccssname) -4, ".EDR", 4) == 0))
data/argyll-2.0.1+repack/spectro/oemarch.c:1478:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(ccssname + strlen(ccssname) -4, ".ccss");
data/argyll-2.0.1+repack/spectro/oemarch.c:1639:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dispdesc, (char *)buf + 0x0060, 255); dispdesc[255] = '\000';
data/argyll-2.0.1+repack/spectro/oemarch.c:2103:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int headerlen = strlen(headerid);
data/argyll-2.0.1+repack/spectro/oemarch.c:2118:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int filelen = strlen(tfilename);
data/argyll-2.0.1+repack/spectro/oemarch.c:2171:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen((char *)ibuf + i);
data/argyll-2.0.1+repack/spectro/oemarch.c:2535:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned long fle = strlen(fid);
data/argyll-2.0.1+repack/spectro/oemarch.c:2805:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sname, (char *)fbuf + off, 8);
data/argyll-2.0.1+repack/spectro/oemarch.c:3032:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname, (char *)buf + off + 0x10, 94);
data/argyll-2.0.1+repack/spectro/oemarch.c:3037:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += 0x10 + strlen(fname) + 1; /* Next entry */
data/argyll-2.0.1+repack/spectro/oemarch.c:3123:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname, (char *)buf + off + 0x10, 94);
data/argyll-2.0.1+repack/spectro/oemarch.c:3125:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen(fname);
data/argyll-2.0.1+repack/spectro/oeminst.c:157:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tname);
data/argyll-2.0.1+repack/spectro/oeminst.c:244:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(install_dir) + strlen(xf->name);
data/argyll-2.0.1+repack/spectro/oeminst.c:244:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(install_dir) + strlen(xf->name);
data/argyll-2.0.1+repack/spectro/rspec.c:916:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "w");
data/argyll-2.0.1+repack/spectro/rspec.c:918:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nmode, "r");
data/argyll-2.0.1+repack/spectro/rspec.c:924:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(nmode, "b");
data/argyll-2.0.1+repack/spectro/rspec.c:1082:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(dp) + 1;
data/argyll-2.0.1+repack/spectro/smcube.c:174:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, (char *)out, MAX_MES_SIZE, NULL, NULL, olen, to)) != 0) {
data/argyll-2.0.1+repack/spectro/smcube.c:1318:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, (char *)buf, MAX_MES_SIZE, NULL, NULL, 16, to)) != 0
data/argyll-2.0.1+repack/spectro/spec2cie.c:780:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, illum_str, 40);
data/argyll-2.0.1+repack/spectro/spec2cie.c:795:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = buf + strlen(buf);
data/argyll-2.0.1+repack/spectro/specbos.c:184:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
icoms_fix(in), icoms_fix(out),strlen(out), se);
data/argyll-2.0.1+repack/spectro/specbos.c:215:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((se = p->icom->read(p->icom, out, bsize, NULL, tc, 1, to)) != 0) {
data/argyll-2.0.1+repack/spectro/specbos.c:328:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/argyll-2.0.1+repack/spectro/spotread.c:747:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filtername,na,MAXNAMEL-1); filtername[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:826:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:834:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(psetrefname,na,MAXNAMEL-1); psetrefname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:862:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wtilename,&na[2],MAXNAMEL-1); wtilename[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:902:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outname,argv[fa++],MAXNAMEL-1); outname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:912:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:915:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccxxname,na,MAXNAMEL-1); ccxxname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/spectro/spotread.c:2154:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (getns(buf, 500) != NULL && strlen(buf) > 0) {
data/argyll-2.0.1+repack/spectro/ss_imp.c:521:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->rbufe = p->_rbuf + strlen(p->_rbuf);
data/argyll-2.0.1+repack/spectro/synthcal.c:262:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outname) < 4 || strcmp(".cal",outname + strlen(outname)-4) != 0)
data/argyll-2.0.1+repack/spectro/synthcal.c:262:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(outname) < 4 || strcmp(".cal",outname + strlen(outname)-4) != 0)
data/argyll-2.0.1+repack/spectro/synthcal.c:309:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/synthread.c:401:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = sep_icco->read(sep_icco,sep_fp,0)) == 0) {
data/argyll-2.0.1+repack/spectro/synthread.c:436:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/spectro/usbio.c:406:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wbuf);
data/argyll-2.0.1+repack/spectro/usbio_lx.c:102:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = read(fd, buf, IUSB_DESC_TYPE_DEVICE_SIZE)) < 0
data/argyll-2.0.1+repack/spectro/usbio_lx.c:142:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = read(fd, buf, 4)) < 0
data/argyll-2.0.1+repack/spectro/usbio_lx.c:164:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = read(fd, buf2 + 4, totlen - 4)) < 0 /* Read the remainder */
data/argyll-2.0.1+repack/spectro/vtpglut.c:443:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(bp) >= 4
data/argyll-2.0.1+repack/spectro/vtpglut.c:452:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/argyll-2.0.1+repack/spectro/vtpglut.c:473:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bp = strrchr(buf, '!')) != NULL && strlen(bp) >= 13) {
data/argyll-2.0.1+repack/spectro/vtpglut.c:514:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bp = strstr(buf, "!")) != NULL && strlen(bp) >= 13) {
data/argyll-2.0.1+repack/spectro/webwin.c:143:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mg_write(conn, webdisp_js, strlen(webdisp_js));
data/argyll-2.0.1+repack/spectro/xdg_bds.c:148:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(ss);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:166:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((rv = malloc(strlen(in) + strlen(app) + 1)) == NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:166:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((rv = malloc(strlen(in) + strlen(app) + 1)) == NULL) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:184:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inlen = strlen(in);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:185:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aplen = strlen(app);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:207:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inlen = strlen(in);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:208:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aplen = strlen(app);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:217:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rv, "/");
data/argyll-2.0.1+repack/spectro/xdg_bds.c:554:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) == 0) {
data/argyll-2.0.1+repack/spectro/xdg_bds.c:572:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep = cp + strlen(cp);
data/argyll-2.0.1+repack/spectro/xdg_bds.c:597:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nep = ncp + strlen(ncp);
data/argyll-2.0.1+repack/target/alphix.c:68:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl = strlen(ax);
data/argyll-2.0.1+repack/target/alphix.c:112:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v = ax + strlen(ax) - 1; /* start at last character */
data/argyll-2.0.1+repack/target/alphix.c:399:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(sl) + strlen(pl) + 1;
data/argyll-2.0.1+repack/target/alphix.c:399:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(sl) + strlen(pl) + 1;
data/argyll-2.0.1+repack/target/alphix.c:435:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ax = malloc(strlen(_ax)+1)) == NULL)
data/argyll-2.0.1+repack/target/filmtarg.c:318:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/target/ifarp.h:54:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _ifarp *s, double *d, double *p);
data/argyll-2.0.1+repack/target/ofps.c:630:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "0x"); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:634:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%08x", sm->m[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:636:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%x", sm->m[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8599:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%d", co[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8622:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%f", val); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.c:8641:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(bp, "%d", n[e]); bp += strlen(bp);
data/argyll-2.0.1+repack/target/ofps.h:394:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _ofps *s, double *p, double *v);
data/argyll-2.0.1+repack/target/ppoint.h:80:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _ppoint *s, double *p, double *f);
data/argyll-2.0.1+repack/target/prand.h:55:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _prand *s, double *d, double *p);
data/argyll-2.0.1+repack/target/printtarg.c:3322:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(calname,na,MAXNAMEL); calname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/target/printtarg.c:3332:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(inname,argv[fa],MAXNAMEL); inname[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/target/printtarg.c:3341:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cal->read(cal, calname)) != 0)
data/argyll-2.0.1+repack/target/printtarg.c:3398:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/target/printtarg.c:3713:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(bp);
data/argyll-2.0.1+repack/target/printtarg.c:3945:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->id, id, 19);
data/argyll-2.0.1+repack/target/simdlat.h:76:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _simdlat *s, double *d, double *p);
data/argyll-2.0.1+repack/target/simplat.h:73:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct _simplat *s, double *d, double *p);
data/argyll-2.0.1+repack/target/targen.c:705:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = s->icco->read(s->icco,s->fp,0)) == 0) {
data/argyll-2.0.1+repack/target/targen.c:1218:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pname,na,MAXNAMEL-1); pname[MAXNAMEL-1] = '\000';
data/argyll-2.0.1+repack/target/targen.c:1274:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fname,argv[fa],MAXNAMEL-4); fname[MAXNAMEL-4] = '\000';
data/argyll-2.0.1+repack/target/targen.c:1277:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wdname,argv[fa],MAXNAMEL-5); wdname[MAXNAMEL-5] = '\000';
data/argyll-2.0.1+repack/target/targen.c:1278:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(wdname,"d");
data/argyll-2.0.1+repack/target/targen.c:1280:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wlname,argv[fa],MAXNAMEL-5); wlname[MAXNAMEL-5] = '\000';
data/argyll-2.0.1+repack/target/targen.c:1281:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(wlname,"l");
data/argyll-2.0.1+repack/target/targen.c:1391:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/target/targen.c:2230:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (( s ? s->read(s, val, NULL) :
data/argyll-2.0.1+repack/target/targen.c:2231:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t ? t->read(t, val, NULL) :
data/argyll-2.0.1+repack/target/targen.c:2232:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dx ? dx->read(dx, val, NULL) :
data/argyll-2.0.1+repack/target/targen.c:2233:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rx ? rx->read(rx, val, NULL) :
data/argyll-2.0.1+repack/target/targen.c:2234:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
px->read(px, val, NULL)))
data/argyll-2.0.1+repack/tweak/refine.c:497:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cg[0].name,argv[fa++],MAXNAMEL); cg[0].name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/tweak/refine.c:500:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cg[1].name,argv[fa++],MAXNAMEL); cg[1].name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/tweak/refine.c:505:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev_name,argv[fa++],MAXNAMEL); dev_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/tweak/refine.c:511:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rd_name,argv[fa++],MAXNAMEL); rd_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/tweak/refine.c:516:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wr_name,argv[fa++],MAXNAMEL); wr_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/tweak/refine.c:837:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = dev_icc->read(dev_icc,dev_fp,0)) != 0)
data/argyll-2.0.1+repack/tweak/refine.c:888:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icc->read(rd_icc,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/tweak/refine.c:1063:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(tmp, "");
data/argyll-2.0.1+repack/tweak/refine.c:1070:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(tmp, "");
data/argyll-2.0.1+repack/tweak/refine.c:1081:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(tmp, "");
data/argyll-2.0.1+repack/tweak/refine.c:1181:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(dst)+1; /* Allocated and used size of desc, inc null */
data/argyll-2.0.1+repack/tweak/refine.c:1193:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wo->size = strlen(crt)+1; /* Allocated and used size of text, inc null */
data/argyll-2.0.1+repack/ucmm/ucmm.c:187:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icco->read(icco,fp,0) != 0) {
data/argyll-2.0.1+repack/ucmm/ucmm.c:229:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((data_pathfile = malloc(strlen(profile_dir) + 1 + strlen(sprof) + 1)) == NULL)
data/argyll-2.0.1+repack/ucmm/ucmm.c:229:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((data_pathfile = malloc(strlen(profile_dir) + 1 + strlen(sprof) + 1)) == NULL)
data/argyll-2.0.1+repack/ucmm/ucmm.c:233:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data_pathfile) > 1 && data_pathfile[strlen(data_pathfile)-1] != '/')
data/argyll-2.0.1+repack/ucmm/ucmm.c:233:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(data_pathfile) > 1 && data_pathfile[strlen(data_pathfile)-1] != '/')
data/argyll-2.0.1+repack/ucmm/ucmm.c:234:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(data_pathfile, "/");
data/argyll-2.0.1+repack/ucmm/ucmm.c:482:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ev = jc->set_key(jc, -1, keyn1, jc_string, mval, strlen(mval)+1, NULL)) != jc_ok
data/argyll-2.0.1+repack/ucmm/ucmm.c:483:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| (ev = jc->set_key(jc, -1, keyn2, jc_string, data_name, strlen(data_name)+1, NULL)) != jc_ok) {
data/argyll-2.0.1+repack/usb/driver/ioctl.c:581:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = (int)strlen(dev->objname_plugplay_registry_key)+1;
data/argyll-2.0.1+repack/usb/driver/transfer.c:397:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOLEAN read;
data/argyll-2.0.1+repack/usb/driver/transfer.c:677:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/argyll-2.0.1+repack/xicc/ccmx.c:74:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xicc/ccmx.c:372:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icg->read(icg, fp)) {
data/argyll-2.0.1+repack/xicc/ccss.c:76:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xicc/ccss.c:461:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icg->read(icg, fp)) {
data/argyll-2.0.1+repack/xicc/extracticc.c:120:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/extracticc.c:123:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[fa++],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/extractttag.c:108:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tag_name,na,4);
data/argyll-2.0.1+repack/xicc/extractttag.c:124:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/extractttag.c:127:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[fa++],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/extractttag.c:138:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,ifp,0)) != 0)
data/argyll-2.0.1+repack/xicc/extractttag.c:168:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icg->read(icg, cgf) != 0) {
data/argyll-2.0.1+repack/xicc/fakeCMY.c:209:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/fakeCMY.c:440:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xicc/fbview.c:130:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/fbview.c:141:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/iccgamut.c:403:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prof_name, argv[fa],MAXNAMEL); prof_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/iccgamut.c:412:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/iccgamut.c:525:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/icheck.c:124:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/icheck.c:135:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/mpp.c:206:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xicc/mpplu.c:440:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = gam_name + strlen(gam_name);
data/argyll-2.0.1+repack/xicc/mpplu.c:458:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = gam_name + strlen(gam_name);
data/argyll-2.0.1+repack/xicc/revfix.c:418:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(abs_name,na,MAXNAMEL); abs_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/revfix.c:428:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa++],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/revfix.c:431:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[fa++],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/revfix.c:441:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/revfix.c:622:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = abs_icc->read(abs_icc,abs_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/tiffgamut.c:622:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,na,MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgamut.c:633:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prof_name,argv[fa++],MAXNAMEL); prof_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgamut.c:642:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,argv[lfa],MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgamut.c:644:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/tiffgamut.c:648:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/tiffgamut.c:885:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgmts.c:507:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out_name,na,MAXNAMEL); out_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgmts.c:518:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prof_name,argv[fa++],MAXNAMEL); prof_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgmts.c:521:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(in_name,argv[fa],MAXNAMEL); in_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/tiffgmts.c:524:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/tiffgmts.c:981:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xicc/transplot.c:208:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/xcal.c:354:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xicc/xcal.h:55:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (struct _xcal *p, char *filename);
data/argyll-2.0.1+repack/xicc/xcolorants.c:175:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rv, "i");
data/argyll-2.0.1+repack/xicc/xcolorants.c:211:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(cp, icx_ink_table[i].c, strlen(icx_ink_table[i].c)) == 0) {
data/argyll-2.0.1+repack/xicc/xcolorants.c:213:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp += strlen(icx_ink_table[i].c);
data/argyll-2.0.1+repack/xicc/xfbview.c:194:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = out_name + strlen(out_name);
data/argyll-2.0.1+repack/xicc/xfbview.c:205:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = rd_icco->read(rd_icco,rd_fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/xicc.c:2465:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (icg->read(icg, cgf) == 0) {
data/argyll-2.0.1+repack/xicc/xicclu.c:718:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prof_name,argv[fa],MAXNAMEL); prof_name[MAXNAMEL] = '\000';
data/argyll-2.0.1+repack/xicc/xicclu.c:742:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rv = icco->read(icco,fp,0)) != 0)
data/argyll-2.0.1+repack/xicc/xicclu.c:760:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if ((rv = icco->read(icco,fp,0)) == 0) { /* ICC profile */
data/argyll-2.0.1+repack/xicc/xicclu.c:1056:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cal->read(cal, prof_name)) != 0) {
data/argyll-2.0.1+repack/xicc/xspect.c:3627:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atm[strlen(atm)-1] = '\000'; /* Remove \n from end */
data/argyll-2.0.1+repack/xml/mxml-config.h:65:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/argyll-2.0.1+repack/xml/mxml-file.c:1056:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((bytes = read(buf->fd, buf->buffer, sizeof(buf->buffer))) < 0)
data/argyll-2.0.1+repack/xml/mxml-file.c:1139:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/argyll-2.0.1+repack/xml/mxml-file.c:1172:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/argyll-2.0.1+repack/xml/mxml-file.c:1186:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/argyll-2.0.1+repack/xml/mxml-file.c:1200:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)
data/argyll-2.0.1+repack/xml/mxml-file.c:1217:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)
data/argyll-2.0.1+repack/xml/mxml-file.c:1222:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)
data/argyll-2.0.1+repack/xml/mxml-file.c:1246:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)
data/argyll-2.0.1+repack/xml/mxml-file.c:1251:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)
data/argyll-2.0.1+repack/xml/mxml-file.c:1256:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((temp = getc(fp)) == EOF || (temp & 0xc0) != 0x80)
data/argyll-2.0.1+repack/xml/mxml-file.c:1276:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = (ch << 8) | getc(fp);
data/argyll-2.0.1+repack/xml/mxml-file.c:1290:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int lch = (getc(fp) << 8) | getc(fp);
data/argyll-2.0.1+repack/xml/mxml-file.c:1290:39: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int lch = (getc(fp) << 8) | getc(fp);
data/argyll-2.0.1+repack/xml/mxml-file.c:1304:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch |= (getc(fp) << 8);
data/argyll-2.0.1+repack/xml/mxml-file.c:1318:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int lch = getc(fp) | (getc(fp) << 8);
data/argyll-2.0.1+repack/xml/mxml-file.c:1318:33: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int lch = getc(fp) | (getc(fp) << 8);
data/argyll-2.0.1+repack/xml/mxml-file.c:2776:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(node->value.element.name) + 1;
data/argyll-2.0.1+repack/xml/mxml-file.c:2782:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = strlen(attr->name);
data/argyll-2.0.1+repack/xml/mxml-file.c:2785:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width += strlen(attr->value) + 3;
data/argyll-2.0.1+repack/xml/mxml-file.c:2860:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(node->value.element.name) + 3;
data/argyll-2.0.1+repack/xml/mxml-file.c:2914:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(s);
data/argyll-2.0.1+repack/xml/mxml-file.c:2921:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(node->value.opaque);
data/argyll-2.0.1+repack/xml/mxml-file.c:2944:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(s);
data/argyll-2.0.1+repack/xml/mxml-file.c:2966:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(node->value.text.string);
data/argyll-2.0.1+repack/xml/mxml-file.c:2983:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col += strlen(data);
data/argyll-2.0.1+repack/xml/mxml-file.c:2985:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = strlen(newline);
data/argyll-2.0.1+repack/xml/mxml-search.c:170:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathsep = path + strlen(path);
data/argyll-2.0.1+repack/xml/mxml-search.c:250:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathsep = path + strlen(path);
data/argyll-2.0.1+repack/xml/mxml-string.c:84:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((t = malloc(strlen(s) + 1)) == NULL)
data/argyll-2.0.1+repack/xml/mxml-string.c:183:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tptr += strlen(tptr);
data/argyll-2.0.1+repack/xml/mxml-string.c:215:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tptr += strlen(tptr);
data/argyll-2.0.1+repack/xml/mxml-string.c:274:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes += strlen(temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:278:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bufptr + strlen(temp)) > bufend)
data/argyll-2.0.1+repack/xml/mxml-string.c:280:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bufptr, temp, (size_t)(bufend - bufptr));
data/argyll-2.0.1+repack/xml/mxml-string.c:286:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufptr += strlen(temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:309:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes += strlen(temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:313:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bufptr + strlen(temp)) > bufend)
data/argyll-2.0.1+repack/xml/mxml-string.c:315:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bufptr, temp, (size_t)(bufend - bufptr));
data/argyll-2.0.1+repack/xml/mxml-string.c:321:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufptr += strlen(temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:332:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytes += strlen(temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:336:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((bufptr + strlen(temp)) > bufend)
data/argyll-2.0.1+repack/xml/mxml-string.c:338:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bufptr, temp, (size_t)(bufend - bufptr));
data/argyll-2.0.1+repack/xml/mxml-string.c:344:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufptr += strlen(temp);
data/argyll-2.0.1+repack/xml/mxml-string.c:371:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/argyll-2.0.1+repack/xml/mxml-string.c:387:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bufptr, s, (size_t)slen);
data/argyll-2.0.1+repack/xml/mxml-string.c:393:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bufptr + width - slen, s, (size_t)slen);
data/argyll-2.0.1+repack/xml/mxmldoc.c:465:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(argv[i]);
data/argyll-2.0.1+repack/xml/mxmldoc.c:672:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (bufptr = buffer; node; bufptr += strlen(bufptr))
data/argyll-2.0.1+repack/xml/mxmldoc.c:701:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (bufptr = buffer; node; bufptr += strlen(bufptr))
data/argyll-2.0.1+repack/xml/mxmldoc.c:830:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(since, ptr + 7, sizeof(since) - 1);
data/argyll-2.0.1+repack/xml/mxmldoc.c:870:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(current->value.text.string);
data/argyll-2.0.1+repack/xml/mxmldoc.c:879:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(current->value.opaque);
data/argyll-2.0.1+repack/xml/mxmldoc.c:1110:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF)
data/argyll-2.0.1+repack/xml/mxmldoc.c:1123:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/argyll-2.0.1+repack/xml/mxmldoc.c:1243:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufptr += strlen(bufptr))
data/argyll-2.0.1+repack/xml/mxmldoc.c:1656:6: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getc(fp);
data/argyll-2.0.1+repack/xml/mxmldoc.c:1663:23: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF)
data/argyll-2.0.1+repack/xml/mxmldoc.c:1666:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/argyll-2.0.1+repack/xml/mxmldoc.c:2159:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*bufptr++ = getc(fp);
data/argyll-2.0.1+repack/xml/mxmldoc.c:2175:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*bufptr++ = getc(fp);
data/argyll-2.0.1+repack/xml/mxmldoc.c:2715:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (ptr = comment->value.text.string + strlen(comment->value.text.string) - 1;
data/argyll-2.0.1+repack/xml/mxmldoc.c:4854:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = line + strlen(line);
data/argyll-2.0.1+repack/yajl/json_verify.c:51:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((a < argc) && (argv[a][0] == '-') && (strlen(argv[a]) > 1)) {
data/argyll-2.0.1+repack/yajl/json_verify.c:53:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i=1; i < strlen(argv[a]); i++) {
data/argyll-2.0.1+repack/yajl/yajl_encode.c:69:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print(ctx, escaped, (unsigned int)strlen(escaped));
data/argyll-2.0.1+repack/yajl/yajl_encode.c:171:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_buf_append(buf, unescaped, (unsigned int)strlen(unescaped));
data/argyll-2.0.1+repack/yajl/yajl_gen.c:136:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sep != NULL) g->print(g->ctx, sep, strlen(sep));
data/argyll-2.0.1+repack/yajl/yajl_gen.c:167:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int)strlen(g->indentString)); \
data/argyll-2.0.1+repack/yajl/yajl_gen.c:176:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int)strlen(g->indentString)); \
data/argyll-2.0.1+repack/yajl/yajl_gen.c:270:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, i, (unsigned int)strlen(i));
data/argyll-2.0.1+repack/yajl/yajl_gen.c:290:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(i, "0123456789-") == strlen(i)) {
data/argyll-2.0.1+repack/yajl/yajl_gen.c:293:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, i, (unsigned int)strlen(i));
data/argyll-2.0.1+repack/yajl/yajl_gen.c:334:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, "null", strlen("null"));
data/argyll-2.0.1+repack/yajl/yajl_gen.c:346:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, val, (unsigned int)strlen(val));
data/argyll-2.0.1+repack/yajl/yajl_parser.c:87:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(errorType);
data/argyll-2.0.1+repack/yajl/yajl_parser.c:88:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(" error");
data/argyll-2.0.1+repack/yajl/yajl_parser.c:90:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(": ");
data/argyll-2.0.1+repack/yajl/yajl_parser.c:91:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(errorText);
data/argyll-2.0.1+repack/yajl/yajl_parser.c:102:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat((char *) str, "\n");
data/argyll-2.0.1+repack/yajl/yajl_parser.c:132:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
YA_MALLOC(&(hand->alloc), (unsigned int)(strlen((char *) str) +
data/argyll-2.0.1+repack/yajl/yajl_parser.c:133:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *) text) +
data/argyll-2.0.1+repack/yajl/yajl_parser.c:134:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(arrow) + 1));
data/argyll-2.0.1+repack/yajl/yajl_test.c:207:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0;j<(int)strlen(argv[i]);j++) {
data/argyll-2.0.1+repack/yajl/yajl_tree.c:318:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(v->u.number.r));
data/argyll-2.0.1+repack/yajl/yajl_tree.c:443:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (input));
data/argyll-2.0.1+repack/yajl/yajl_tree.c:449:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(input));
ANALYSIS SUMMARY:
Hits = 4825
Lines analyzed = 505082 in approximately 20.68 seconds (24418 lines/second)
Physical Source Lines of Code (SLOC) = 381611
Hits@level = [0] 7893 [1] 991 [2] 2941 [3] 107 [4] 785 [5] 1
Hits@level+ = [0+] 12718 [1+] 4825 [2+] 3834 [3+] 893 [4+] 786 [5+] 1
Hits/KSLOC@level+ = [0+] 33.3271 [1+] 12.6438 [2+] 10.0469 [3+] 2.34008 [4+] 2.05969 [5+] 0.00262047
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.