Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/bash-5.1~rc3/examples/loadables/finfo.c:353:7: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  p = readlink(f, b, 4096);
data/bash-5.1~rc3/examples/loadables/mkdir.c:154:24: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (user_mode && chmod (path, nmode))
data/bash-5.1~rc3/examples/loadables/mkdir.c:185:8: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod (npath, parent_mode) != 0)
data/bash-5.1~rc3/examples/loadables/stat.c:113:46: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if (fname && S_ISLNK (sp->st_mode) && (n = readlink (fname, linkbuf, PATH_MAX)) > 0)
data/bash-5.1~rc3/lib/readline/histfile.c:201:12: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((n = readlink (filename, linkbuf, sizeof (linkbuf) - 1)) > 0)
data/bash-5.1~rc3/lib/readline/histfile.c:230:12: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((n = readlink (filename, linkbuf, sizeof (linkbuf) - 1)) > 0)
data/bash-5.1~rc3/lib/readline/histfile.c:482:12: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((n = readlink (filename, linkbuf, sizeof (linkbuf) - 1)) > 0)
data/bash-5.1~rc3/lib/readline/histfile.c:501:12: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((n = readlink (orig, linkbuf, sizeof (linkbuf) - 1)) > 0)
data/bash-5.1~rc3/lib/readline/histfile.c:667:9: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  r = chown (filename, finfo.st_uid, finfo.st_gid);
data/bash-5.1~rc3/lib/readline/histfile.c:811:12: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  mode = chown (histname, finfo.st_uid, finfo.st_gid);
data/bash-5.1~rc3/lib/readline/tilde.c:435:12: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  if (!gets (line))
data/bash-5.1~rc3/lib/sh/pathphys.c:58:10: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL.
  (CWE-362, CWE-20). Reconsider approach.
  return readlink (path, buf, bufsiz);
data/bash-5.1~rc3/lib/tilde/tilde.c:435:12: [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  if (!gets (line))
data/bash-5.1~rc3/alias.c:572:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (line + llen, v);
data/bash-5.1~rc3/array.c:866:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result + rlen, t);
data/bash-5.1~rc3/array.c:874:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result + rlen, sep);
data/bash-5.1~rc3/array.c:910:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + rlen, is);
data/bash-5.1~rc3/array.c:914:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + rlen, valstr);
data/bash-5.1~rc3/array.c:966:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + rlen, is);
data/bash-5.1~rc3/array.c:971:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + rlen, valstr);
data/bash-5.1~rc3/arrayfunc.c:845:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t, subs);
data/bash-5.1~rc3/arrayfunc.c:895:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nword + i, value);
data/bash-5.1~rc3/arrayfunc.c:942:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nword + i, value);
data/bash-5.1~rc3/assoc.c:407:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret+rlen, istr);
data/bash-5.1~rc3/assoc.c:412:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret + rlen, vstr);
data/bash-5.1~rc3/assoc.c:479:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret+rlen, istr);
data/bash-5.1~rc3/assoc.c:485:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret + rlen, vstr);
data/bash-5.1~rc3/bashhist.c:930:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (new_line, "%s%s%s", current->line, chars_to_add, line);
data/bash-5.1~rc3/bashline.c:430:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nval + 1, rl_completer_word_break_characters);
data/bash-5.1~rc3/bashline.c:946:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (command, "%s %d", edit_command, count);
data/bash-5.1~rc3/bashline.c:2390:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (value + start_len, matches[cmd_index]);
data/bash-5.1~rc3/bashline.c:2448:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (value + first_char_loc, varlist[varlist_index]);
data/bash-5.1~rc3/bashline.c:2490:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t + first_char_loc, list[list_index]);
data/bash-5.1~rc3/bashline.c:3119:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, directory_part);
data/bash-5.1~rc3/bashline.c:3121:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret + xl, v);
data/bash-5.1~rc3/bashline.c:3145:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, dh2);
data/bash-5.1~rc3/bashline.c:3146:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret + dl2, val + xl);
data/bash-5.1~rc3/bashline.c:3857:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (globtext, ttext);
data/bash-5.1~rc3/bashline.c:4203:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, rtext);
data/bash-5.1~rc3/bracecomp.c:133:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (result, subterm);
data/bash-5.1~rc3/bracecomp.c:142:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (result, subterm);
data/bash-5.1~rc3/braces.c:62:85: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern int asprintf PARAMS((char **, const char *, ...)) __attribute__((__format__ (printf, 2, 3)));
data/bash-5.1~rc3/braces.c:771:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result[len], arr1[i]);
data/bash-5.1~rc3/braces.c:772:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result[len] + strlen_1, arr2[j]);
data/bash-5.1~rc3/braces.c:805:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, format, arg1, arg2);
data/bash-5.1~rc3/builtins/common.c:117:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/bash-5.1~rc3/builtins/common.c:138:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/bash-5.1~rc3/builtins/common.h:83:83: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void builtin_error PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/builtins/common.h:84:85: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void builtin_warning PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/builtins/gen-helpfiles.c:74:38: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #if !defined (__STDC__) && !defined (strcpy)
data/bash-5.1~rc3/builtins/gen-helpfiles.c:75:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  extern char *strcpy ();
data/bash-5.1~rc3/builtins/gen-helpfiles.c:180:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (helpfile, "helpfiles/%s", fname);
data/bash-5.1~rc3/builtins/mkbuiltins.c:64:38: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #if !defined (__STDC__) && !defined (strcpy)
data/bash-5.1~rc3/builtins/mkbuiltins.c:65:14: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  extern char *strcpy ();
data/bash-5.1~rc3/builtins/mkbuiltins.c:68:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define savestring(x) strcpy (xmalloc (1 + strlen (x)), (x))
data/bash-5.1~rc3/builtins/mkbuiltins.c:248:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (error_directory, argv[arg_index]);
data/bash-5.1~rc3/builtins/mkbuiltins.c:998:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, format, arg1, arg2);
data/bash-5.1~rc3/builtins/mkbuiltins.c:1337:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. sprintf (sarray[0], "%s/%s", helpfile_directory, dname); data/bash-5.1~rc3/builtins/mkbuiltins.c:1589:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (helpfile, "helpfiles/%s", bname); data/bash-5.1~rc3/debian/bash.preinst-lib.c:21:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 0))) data/bash-5.1~rc3/debian/bash.preinst-lib.c:25:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, err, params); data/bash-5.1~rc3/debian/bash.preinst-lib.c:31:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))) data/bash-5.1~rc3/debian/bash.preinst-lib.c:41:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))) data/bash-5.1~rc3/debian/bash.preinst.c:138:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/bin/sh", X_OK)) { data/bash-5.1~rc3/debian/bash.preinst.h:18:42: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
#define PRINTFLIKE __attribute__((format(printf, 1, 2))) data/bash-5.1~rc3/error.c:156:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:197:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:224:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:246:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:268:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:291:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:314:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:355:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:410:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf (stderr, format, args); data/bash-5.1~rc3/error.c:444:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (tracefp, format, args); data/bash-5.1~rc3/error.h:33:87: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void programming_error PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:36:82: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void report_error PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:39:87: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void parser_error PARAMS((int, const char *, ...)) __attribute__((__format__ (printf, 2, 3))); data/bash-5.1~rc3/error.h:42:81: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void fatal_error PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:45:79: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void sys_error PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:48:84: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
extern void internal_error PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:51:86: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void internal_warning PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:54:85: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void internal_inform PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:58:76: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void itrace PARAMS((const char *, ...)) __attribute__ ((__format__ (printf, 1, 2))); data/bash-5.1~rc3/error.h:59:75: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void trace PARAMS((const char *, ...)) __attribute__ ((__format__ (printf, 1, 2))); data/bash-5.1~rc3/examples/loadables/finfo.c:358:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(b, prog); data/bash-5.1~rc3/examples/loadables/finfo.c:360:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(b, strerror(p)); data/bash-5.1~rc3/examples/loadables/finfo.c:611:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf (stderr, format, args); data/bash-5.1~rc3/examples/loadables/finfo.c:623:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, format, arg1, arg2, arg3, arg4, arg5); data/bash-5.1~rc3/examples/loadables/ln.c:139:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, dir); data/bash-5.1~rc3/examples/loadables/ln.c:142:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret + dlen, file); data/bash-5.1~rc3/examples/loadables/logname.c:47:8: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead. np = getlogin (); data/bash-5.1~rc3/examples/loadables/pathchk.c:245:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (path, X_OK) != 0) data/bash-5.1~rc3/examples/loadables/seq.c:161:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (ldfmt + length_modifier_offset + 1, data/bash-5.1~rc3/examples/loadables/seq.c:164:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ldfmt + length_modifier_offset, fmt + length_modifier_offset); data/bash-5.1~rc3/examples/loadables/seq.c:199:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (buf, sizeof (buf), FLOATMAX_FMT, incr); data/bash-5.1~rc3/examples/loadables/seq.c:202:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. wfirst = snprintf (buf, sizeof (buf), FLOATMAX_FMT, first); data/bash-5.1~rc3/examples/loadables/seq.c:207:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. wlast = snprintf (buf, sizeof (buf), FLOATMAX_FMT, last); data/bash-5.1~rc3/examples/loadables/seq.c:225:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%%0%d.%d%sf", width, prec, FLOATMAX_CONV); data/bash-5.1~rc3/examples/loadables/seq.c:227:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "%%.%d%sf", prec, FLOATMAX_CONV); data/bash-5.1~rc3/examples/loadables/seq.c:248:11: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
if (printf (fmt, next) < 0) data/bash-5.1~rc3/examples/loadables/seq.c:293:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf (intwfmt, sizeof (intwfmt), "%%s%%0%u" PRIdMAX, width); data/bash-5.1~rc3/examples/loadables/seq.c:302:11: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (printf (equal_width ? intwfmt : "%s%" PRIdMAX, s, i) < 0) data/bash-5.1~rc3/execute_cmd.c:1271:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str + sindex, ts); data/bash-5.1~rc3/execute_cmd.c:1302:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str + sindex, ts); data/bash-5.1~rc3/execute_cmd.c:2301:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (namevar, "%s_READ", cp->c_name); data/bash-5.1~rc3/execute_cmd.c:2305:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (namevar, "%s_WRITE", cp->c_name); data/bash-5.1~rc3/execute_cmd.c:2311:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (namevar, "%s_PID", cp->c_name); data/bash-5.1~rc3/execute_cmd.c:2332:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (namevar, "%s_PID", cp->c_name); data/bash-5.1~rc3/execute_cmd.c:2338:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (namevar, "%s_READ", cp->c_name); data/bash-5.1~rc3/execute_cmd.c:2340:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (namevar, "%s_WRITE", cp->c_name); data/bash-5.1~rc3/expr.c:382:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (lhs, "%s[%s]", vname, istr); /* XXX */ data/bash-5.1~rc3/expr.c:1659:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, format, arg1, arg2, arg3, arg4, arg5); data/bash-5.1~rc3/externs.h:202:82: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern void dprintf PARAMS((int, const char *, ...)) __attribute__((__format__ (printf, 2, 3))); data/bash-5.1~rc3/findcmd.c:147:46: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (exec_name_should_ignore (name) == 0 && access (name, X_OK) == 0) data/bash-5.1~rc3/findcmd.c:149:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. 
if (access (name, R_OK) == 0) data/bash-5.1~rc3/findcmd.c:291:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dotexe, name); data/bash-5.1~rc3/general.h:64:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #if !defined (strcpy) && (defined (HAVE_DECL_STRCPY) && !HAVE_DECL_STRCPY) data/bash-5.1~rc3/general.h:65:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). extern char *strcpy PARAMS((char *, const char *)); data/bash-5.1~rc3/general.h:69:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). # define savestring(x) (char *)strcpy (xmalloc (1 + strlen (x)), (x)) data/bash-5.1~rc3/hashcmd.c:154:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dotted_filename + 2, tail); data/bash-5.1~rc3/jobs.c:1963:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stream, format ? " " : " |"); data/bash-5.1~rc3/lib/glob/glob.c:518:35: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). 
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. # define GLOB_TESTNAME(name) (access (name, F_OK)) data/bash-5.1~rc3/lib/glob/glob.c:718:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (npat, pat); data/bash-5.1~rc3/lib/glob/glob.c:721:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (nextname, dir); data/bash-5.1~rc3/lib/glob/glob.c:723:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (nextname + dirlen, npat); data/bash-5.1~rc3/lib/glob/glob.c:1061:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result[i], dir); data/bash-5.1~rc3/lib/glob/glob.c:1066:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result[i] + l + add_slash, array[i]); data/bash-5.1~rc3/lib/intl/localcharset.c:190:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (res_ptr + res_size - (l2 + 1) - (l1 + 1), buf1); data/bash-5.1~rc3/lib/intl/localcharset.c:191:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (res_ptr + res_size - (l2 + 1), buf2); data/bash-5.1~rc3/lib/intl/log.c:86:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (last_logfilename, logfilename); data/bash-5.1~rc3/lib/intl/os2compat.c:99:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (libintl_nl_default_dirname, _nlos2_localedir); data/bash-5.1~rc3/lib/intl/plural.c:653:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/bash-5.1~rc3/lib/intl/relocatable.c:431:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result + curr_prefix_len, pathname_tail); data/bash-5.1~rc3/lib/malloc/stats.c:183:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (defbuf, "%s%ld", def, l); data/bash-5.1~rc3/lib/readline/bind.c:78:81: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. static void _rl_init_file_error (const char *, ...) __attribute__((__format__ (printf, 1, 2))); data/bash-5.1~rc3/lib/readline/bind.c:1077:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stderr, format, args); data/bash-5.1~rc3/lib/readline/bind.c:2650:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (keyname, seqs[i]); data/bash-5.1~rc3/lib/readline/bind.c:2797:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (keyname, prefix); data/bash-5.1~rc3/lib/readline/bind.c:2808:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out, prefix); data/bash-5.1~rc3/lib/readline/bind.c:2809:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (out + prefix_len, keyname); data/bash-5.1~rc3/lib/readline/complete.c:671:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (filename, X_OK) == 0) data/bash-5.1~rc3/lib/readline/complete.c:985:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new_full_pathname, s); data/bash-5.1~rc3/lib/readline/complete.c:990:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (new_full_pathname + slen + 1, to_print); data/bash-5.1~rc3/lib/readline/complete.c:1056:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (r + 1, s); data/bash-5.1~rc3/lib/readline/complete.c:1390:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (match_list[0], text); data/bash-5.1~rc3/lib/readline/complete.c:2310:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (value + first_char_loc, entry->pw_name); data/bash-5.1~rc3/lib/readline/complete.c:2495:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filename, ++temp); data/bash-5.1~rc3/lib/readline/complete.c:2502:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filename, dirname + 2); data/bash-5.1~rc3/lib/readline/complete.c:2641:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, dirname); data/bash-5.1~rc3/lib/readline/complete.c:2654:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (temp, users_dirname); data/bash-5.1~rc3/lib/readline/complete.c:2660:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp + dirlen, convfn); data/bash-5.1~rc3/lib/readline/display.c:370:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (nprompt + mlen, pmt); data/bash-5.1~rc3/lib/readline/display.c:2601:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (visible_line, lprompt); data/bash-5.1~rc3/lib/readline/display.c:2602:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (invisible_line, lprompt); data/bash-5.1~rc3/lib/readline/display.c:2949:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bneed = vsnprintf (msg_buf, msg_bufsiz, format, args); data/bash-5.1~rc3/lib/readline/display.c:2962:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf (msg_buf, msg_bufsiz - 1, format, args); data/bash-5.1~rc3/lib/readline/display.c:2965:3: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. 
vsprintf (msg_buf, format, args); data/bash-5.1~rc3/lib/readline/display.c:3000:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (msg_buf, format, arg1, arg2); data/bash-5.1~rc3/lib/readline/display.c:3119:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pmt, rl_prompt); data/bash-5.1~rc3/lib/readline/display.c:3129:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (pmt, p); data/bash-5.1~rc3/lib/readline/examples/excallback.c:175:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(line_buf, rl_line_buffer); data/bash-5.1~rc3/lib/readline/examples/excallback.c:193:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prompt_buf, "%s", data/bash-5.1~rc3/lib/readline/examples/fileman.c:124:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (r, s); data/bash-5.1~rc3/lib/readline/examples/fileman.c:335:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (syscom, "ls -FClg %s", arg); data/bash-5.1~rc3/lib/readline/examples/fileman.c:336:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
return (system (syscom)); data/bash-5.1~rc3/lib/readline/examples/fileman.c:348:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (syscom, "less %s", arg); data/bash-5.1~rc3/lib/readline/examples/fileman.c:350:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (syscom, "more %s", arg); data/bash-5.1~rc3/lib/readline/examples/fileman.c:352:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return (system (syscom)); data/bash-5.1~rc3/lib/readline/histexpand.c:420:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp + ll + 2, emsg); data/bash-5.1~rc3/lib/readline/histexpand.c:504:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new + j, subst_lhs); data/bash-5.1~rc3/lib/readline/histexpand.c:860:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result, temp); data/bash-5.1~rc3/lib/readline/histexpand.c:892:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result + j - sl, s); \ data/bash-5.1~rc3/lib/readline/histexpand.c:959:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (string + 4, hstring); data/bash-5.1~rc3/lib/readline/histexpand.c:1194:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, string + i); data/bash-5.1~rc3/lib/readline/histexpand.c:1228:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, result); data/bash-5.1~rc3/lib/readline/histexpand.c:1435:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (result + offset, list[i]); data/bash-5.1~rc3/lib/readline/histfile.c:177:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (return_val, home); data/bash-5.1~rc3/lib/readline/histfile.c:210:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, fn); data/bash-5.1~rc3/lib/readline/histfile.c:239:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, fn); data/bash-5.1~rc3/lib/readline/histfile.c:770:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  strcpy (buffer + j, the_history[i]->timestamp);
data/bash-5.1~rc3/lib/readline/histfile.c:774:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buffer + j, the_history[i]->line);
data/bash-5.1~rc3/lib/readline/histlib.h:38:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define savestring(x) strcpy (xmalloc (1 + strlen (x)), (x))
data/bash-5.1~rc3/lib/readline/history.c:428:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (hent->line + curlen, line);
data/bash-5.1~rc3/lib/readline/histsearch.c:238:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pat + start, string);
data/bash-5.1~rc3/lib/readline/isearch.c:190:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (message + msglen, search_string);
data/bash-5.1~rc3/lib/readline/isearch.c:236:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cxt->allocated_line, &rl_line_buffer[0]);
data/bash-5.1~rc3/lib/readline/isearch.c:565:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cxt->search_string, last_isearch_string);
data/bash-5.1~rc3/lib/readline/isearch.c:693:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cxt->search_string + cxt->search_string_index, paste);
data/bash-5.1~rc3/lib/readline/kill.c:138:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new, old);
data/bash-5.1~rc3/lib/readline/kill.c:139:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (new, text);
data/bash-5.1~rc3/lib/readline/kill.c:143:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (new, text);
data/bash-5.1~rc3/lib/readline/kill.c:144:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (new, old);
data/bash-5.1~rc3/lib/readline/readline.c:488:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (the_line, temp);
data/bash-5.1~rc3/lib/readline/readline.h:406:71: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern int rl_message (const char *, ...) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/lib/readline/rldefs.h:119:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define savestring(x) strcpy ((char *)xmalloc (1 + strlen (x)), (x))
data/bash-5.1~rc3/lib/readline/rlprivate.h:435:72: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void _rl_ttymsg (const char *, ...) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/lib/readline/rlprivate.h:436:72: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void _rl_errmsg (const char *, ...) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/lib/readline/rlprivate.h:437:71: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern void _rl_trace (const char *, ...) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/lib/readline/rltty.c:667:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (rl_outstream, BRACK_PASTE_INIT);
data/bash-5.1~rc3/lib/readline/rltty.c:694:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (rl_outstream, BRACK_PASTE_FINI);
data/bash-5.1~rc3/lib/readline/savestring.c:38:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, s);
data/bash-5.1~rc3/lib/readline/shell.c:166:21: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  entry = getpwnam (getlogin ());
data/bash-5.1~rc3/lib/readline/text.c:218:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (rl_line_buffer, text);
data/bash-5.1~rc3/lib/readline/tilde.c:68:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define savestring(x) strcpy ((char *)xmalloc (1 + strlen (x)), (x))
data/bash-5.1~rc3/lib/readline/tilde.c:251:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + result_index, expansion);
data/bash-5.1~rc3/lib/readline/tilde.c:327:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, prefix);
data/bash-5.1~rc3/lib/readline/tilde.c:328:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret + plen, suffix + suffind);
data/bash-5.1~rc3/lib/readline/util.c:253:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/bash-5.1~rc3/lib/readline/util.c:283:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/bash-5.1~rc3/lib/readline/util.c:296:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, format, arg1, arg2);
data/bash-5.1~rc3/lib/readline/util.c:307:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, format, arg1, arg2);
data/bash-5.1~rc3/lib/readline/util.c:462:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return (strcpy ((char *)xmalloc (1 + (int)strlen (s)), (s)));
data/bash-5.1~rc3/lib/readline/util.c:491:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (_rl_tracefp, format, args);
data/bash-5.1~rc3/lib/sh/dprintf.c:63:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rc = vfprintf (fp, format, args);
data/bash-5.1~rc3/lib/sh/eaccess.c:114:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pbuf, DEV_FD_PREFIX);
data/bash-5.1~rc3/lib/sh/eaccess.c:115:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (pbuf, path + 8);
data/bash-5.1~rc3/lib/sh/eaccess.c:187:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  r = access (path, mode);
data/bash-5.1~rc3/lib/sh/eaccess.c:222:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  return access (path, mode|EFF_ONLY_OK);
data/bash-5.1~rc3/lib/sh/eaccess.c:234:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  ret = access (path, mode);
data/bash-5.1~rc3/lib/sh/mailstat.c:95:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dir, "%s/cur", path);
data/bash-5.1~rc3/lib/sh/mailstat.c:101:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dir, "%s/tmp", path);
data/bash-5.1~rc3/lib/sh/mailstat.c:107:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dir, "%s/new", path);
data/bash-5.1~rc3/lib/sh/mailstat.c:126:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dir, "%s/%s", path, i ? "cur" : "new");
data/bash-5.1~rc3/lib/sh/mailstat.c:127:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s/", dir);
data/bash-5.1~rc3/lib/sh/mailstat.c:135:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file + l, fn->d_name);
data/bash-5.1~rc3/lib/sh/netopen.c:300:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (np, path);
data/bash-5.1~rc3/lib/sh/pathcanon.c:53:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  static char system[MAXPATHLEN];
data/bash-5.1~rc3/lib/sh/pathcanon.c:66:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  cygwin_internal (CW_GET_CYGDRIVE_INFO, user, system, user_flags, system_flags);
data/bash-5.1~rc3/lib/sh/pathcanon.c:69:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return !strcasecmp (path, user) || !strcasecmp (path, system);
data/bash-5.1~rc3/lib/sh/pathphys.c:101:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (workpath, path);
data/bash-5.1~rc3/lib/sh/pathphys.c:208:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tbuf, linkbuf);
data/bash-5.1~rc3/lib/sh/pathphys.c:210:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (tbuf + linklen, p);
data/bash-5.1~rc3/lib/sh/pathphys.c:211:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (workpath, tbuf);
data/bash-5.1~rc3/lib/sh/snprintf.c:1216:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, re);
data/bash-5.1~rc3/lib/sh/snprintf.c:1658:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, data->width, data->precision, ld);
data/bash-5.1~rc3/lib/sh/snprintf.c:1660:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, data->width, ld);
data/bash-5.1~rc3/lib/sh/snprintf.c:1662:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, data->precision, ld);
data/bash-5.1~rc3/lib/sh/snprintf.c:1664:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, ld);
data/bash-5.1~rc3/lib/sh/snprintf.c:1689:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, data->width, data->precision, d);
data/bash-5.1~rc3/lib/sh/snprintf.c:1691:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, data->width, d);
data/bash-5.1~rc3/lib/sh/snprintf.c:1693:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, data->precision, d);
data/bash-5.1~rc3/lib/sh/snprintf.c:1695:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (obuf, fmtbuf, d);
data/bash-5.1~rc3/lib/sh/snprintf.c:1706:1: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(char *string, size_t length, const char *format, va_list args)
data/bash-5.1~rc3/lib/sh/snprintf.c:1708:1: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(string, length, format, args)
data/bash-5.1~rc3/lib/sh/snprintf.c:1725:1: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(char *string, size_t length, const char * format, ...)
data/bash-5.1~rc3/lib/sh/snprintf.c:1727:1: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(string, length, format, va_alist)
data/bash-5.1~rc3/lib/sh/snprintf.c:2072:35: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  i = snprintf(holder, 100, "%p", vsnprintf);
data/bash-5.1~rc3/lib/sh/snprintf.c:2073:26: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  i = asprintf(&h, "%p", vsnprintf);
data/bash-5.1~rc3/lib/sh/snprintf.c:2074:20: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  printf("<%p>\n", vsnprintf);
data/bash-5.1~rc3/lib/sh/spell.c:134:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(best, dp->d_name);
data/bash-5.1~rc3/lib/sh/strerror.c:68:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (emsg, errbase);
data/bash-5.1~rc3/lib/sh/strerror.c:69:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (emsg, z);
data/bash-5.1~rc3/lib/sh/strftime.c:252:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(savetz, tz);
data/bash-5.1~rc3/lib/sh/strftime.c:265:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(savetz, tz);
data/bash-5.1~rc3/lib/sh/strftime.c:268:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(savetz, tz);
data/bash-5.1~rc3/lib/sh/strftime.c:327:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, days_a[timeptr->tm_wday]);
data/bash-5.1~rc3/lib/sh/strftime.c:334:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, days_l[timeptr->tm_wday]);
data/bash-5.1~rc3/lib/sh/strftime.c:342:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, months_a[timeptr->tm_mon]);
data/bash-5.1~rc3/lib/sh/strftime.c:349:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, months_l[timeptr->tm_mon]);
data/bash-5.1~rc3/lib/sh/strftime.c:369:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tbuf, flag
data/bash-5.1~rc3/lib/sh/strftime.c:416:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tbuf, m_d);
data/bash-5.1~rc3/lib/sh/strftime.c:448:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tbuf, flag
data/bash-5.1~rc3/lib/sh/strftime.c:503:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, ampm[0]);
data/bash-5.1~rc3/lib/sh/strftime.c:505:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, ampm[1]);
data/bash-5.1~rc3/lib/sh/strftime.c:585:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tbuf, flag
data/bash-5.1~rc3/lib/sh/strftime.c:655:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, tzname[i]);
data/bash-5.1~rc3/lib/sh/strftime.c:658:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, timeptr->tm_zone);
data/bash-5.1~rc3/lib/sh/strftime.c:661:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, timeptr->tm_name);
data/bash-5.1~rc3/lib/sh/strftime.c:664:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tbuf, timezone(zone.tz_minuteswest,
data/bash-5.1~rc3/lib/sh/strftime.c:717:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s, tbuf);
data/bash-5.1~rc3/lib/sh/stringlist.c:214:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t, prefix);
data/bash-5.1~rc3/lib/sh/stringlist.c:215:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t + plen, sl->list[i]);
data/bash-5.1~rc3/lib/sh/stringlist.c:217:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t + plen + llen, suffix);
data/bash-5.1~rc3/lib/sh/tmpfile.c:157:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (filename, nameroot);
data/bash-5.1~rc3/lib/sh/tmpfile.c:159:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (filename, "%s/%s.XXXXXX", tdir, lroot);
data/bash-5.1~rc3/lib/sh/tmpfile.c:160:7: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377).
  if (mktemp (filename) == 0)
data/bash-5.1~rc3/lib/sh/tmpfile.c:173:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (filename, "%s/%s-%lu", tdir, lroot, filenum);
data/bash-5.1~rc3/lib/sh/tmpfile.c:211:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (filename, nameroot);
data/bash-5.1~rc3/lib/sh/tmpfile.c:213:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (filename, "%s/%s.XXXXXX", tdir, lroot);
data/bash-5.1~rc3/lib/sh/tmpfile.c:231:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (filename, "%s/%s-%lu", tdir, lroot, filenum);
data/bash-5.1~rc3/lib/sh/tmpfile.c:286:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (filename, nameroot);
data/bash-5.1~rc3/lib/sh/tmpfile.c:288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (filename, "%s/%s.XXXXXX", tdir, lroot);
data/bash-5.1~rc3/lib/sh/unicode.c:324:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (s, obuf);
data/bash-5.1~rc3/lib/sh/vprint.c:43:1: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (iop, fmt, ap)
data/bash-5.1~rc3/lib/sh/vprint.c:71:1: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf (str, fmt, ap)
data/bash-5.1~rc3/lib/sh/wcsdup.c:42:11: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  return (wcscpy (ret, ws));
data/bash-5.1~rc3/lib/termcap/termcap.c:477:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bp, term);
data/bash-5.1~rc3/lib/termcap/termcap.c:515:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bp, termcap_name);
data/bash-5.1~rc3/lib/termcap/termcap.c:553:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (bp, tcenv);
data/bash-5.1~rc3/lib/termcap/tparam.c:323:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (op, up);
data/bash-5.1~rc3/lib/termcap/tparam.c:325:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (op, left);
data/bash-5.1~rc3/lib/tilde/tilde.c:68:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define savestring(x) strcpy ((char *)xmalloc (1 + strlen (x)), (x))
data/bash-5.1~rc3/lib/tilde/tilde.c:251:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + result_index, expansion);
data/bash-5.1~rc3/lib/tilde/tilde.c:327:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, prefix);
data/bash-5.1~rc3/lib/tilde/tilde.c:328:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret + plen, suffix + suffind);
data/bash-5.1~rc3/locale.c:431:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t, string);
data/bash-5.1~rc3/locale.c:446:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t, string);
data/bash-5.1~rc3/locale.c:454:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (t, translated);
data/bash-5.1~rc3/mailcheck.c:354:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mp, DEFAULT_MAIL_DIRECTORY);
data/bash-5.1~rc3/mailcheck.c:356:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (mp + sizeof (DEFAULT_MAIL_DIRECTORY), current_user.user_name);
data/bash-5.1~rc3/pcomplete.c:90:74: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void debug_printf (const char *, ...) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/pcomplete.c:210:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stdout, format, args);
data/bash-5.1~rc3/pcomplete.c:1236:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cscmd, cs->command); /* $0 */
data/bash-5.1~rc3/pcomplete.c:1244:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (cscmd + cmdlen, t);
data/bash-5.1~rc3/pcomplete.c:1686:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (nline + start + nlen, pcomp_line + start + olen);
data/bash-5.1~rc3/print_cmd.c:53:12: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  extern int printf PARAMS((const char *, ...)); /* Yuck. Double yuck. */
data/bash-5.1~rc3/print_cmd.c:62:77: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void cprintf PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/print_cmd.c:63:77: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  static void xprintf PARAMS((const char *, ...)) __attribute__((__format__ (printf, 1, 2)));
data/bash-5.1~rc3/print_cmd.c:1415:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (result + i, result + i + 1);
data/bash-5.1~rc3/print_cmd.c:1600:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stdout, format, args);
data/bash-5.1~rc3/print_cmd.c:1610:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (format, arg1, arg2, arg3, arg4, arg5);
data/bash-5.1~rc3/redir.c:874:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (redirectee->word, new_redirect->redirectee.filename->word);
data/bash-5.1~rc3/shell.c:1867:25: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  entry = getpwnam (getlogin ());
data/bash-5.1~rc3/stringlib.c:210:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (r, t);
data/bash-5.1~rc3/stringlib.c:218:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (r, text);
data/bash-5.1~rc3/subst.c:1733:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (string, temp);
data/bash-5.1~rc3/subst.c:4183:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return (strcpy (result, string));
data/bash-5.1~rc3/subst.c:4317:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return (strcpy (result, string));
data/bash-5.1~rc3/subst.c:4401:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (string, t);
data/bash-5.1~rc3/subst.c:5864:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (ret, DEV_FD_PREFIX);
data/bash-5.1~rc3/subst.c:5866:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret + sizeof (DEV_FD_PREFIX) - 1, p); data/bash-5.1~rc3/subst.c:6773:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tt + 1, name); data/bash-5.1~rc3/subst.c:7674:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ret, "declare -%s %s", flags, v->name); data/bash-5.1~rc3/subst.c:7676:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ret, "declare -%s %s=%s", flags, v->name, val); data/bash-5.1~rc3/subst.c:7678:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ret, "%s=%s", v->name, val); data/bash-5.1~rc3/subst.c:7723:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ret, "declare -%s %s=%s", flags, v->name, val); data/bash-5.1~rc3/subst.c:7725:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (ret, "declare -%s %s", flags, v->name); data/bash-5.1~rc3/subst.c:7743:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret + 7, temp); data/bash-5.1~rc3/subst.c:8223:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, string); data/bash-5.1~rc3/subst.c:8226:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, rep); data/bash-5.1~rc3/subst.c:8227:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret + replen, string); data/bash-5.1~rc3/subst.c:8231:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, string); data/bash-5.1~rc3/subst.c:8232:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret + l, rep); data/bash-5.1~rc3/subst.c:8243:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret, rep); data/bash-5.1~rc3/subst.c:8324:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ret + rptr, str); data/bash-5.1~rc3/subst.c:8872:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name + 2, temp1); data/bash-5.1~rc3/subst.c:8875:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name + 1, temp1); data/bash-5.1~rc3/subst.c:11005:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (r, temp); data/bash-5.1~rc3/support/bashversion.c:125:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (dv, dist_version); data/bash-5.1~rc3/support/man2html.c:194:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new, from); data/bash-5.1~rc3/support/man2html.c:459:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(signature, manpage, datbuf); data/bash-5.1~rc3/support/man2html.c:916:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sizebuf, change_to_font(0)); data/bash-5.1~rc3/support/man2html.c:933:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sizebuf, change_to_font(i)); data/bash-5.1~rc3/support/man2html.c:2139:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(manidx + mip, "<DT><A HREF=\"#%s\">%s</A><DD>\n", label, c); data/bash-5.1~rc3/support/man2html.c:2902:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(th_page_and_sec, "%s(%s)", wordlist[0], wordlist[1]); data/bash-5.1~rc3/variables.c:767:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name, cdir); data/bash-5.1~rc3/variables.c:768:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (name + len, shell_name + 1); data/bash-5.1~rc3/variables.c:989:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (d, dist_version); data/bash-5.1~rc3/variables.c:1555:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (static_shell_name, value); data/bash-5.1~rc3/variables.c:2988:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (retval, oval); data/bash-5.1~rc3/variables.c:2990:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (retval+olen, value); data/bash-5.1~rc3/variables.c:3016:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (retval, oval); data/bash-5.1~rc3/variables.c:3018:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (retval+olen, value); data/bash-5.1~rc3/variables.c:3075:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (new + len, value); data/bash-5.1~rc3/variables.c:5112:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (evar, env_prefix); data/bash-5.1~rc3/variables.c:5114:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (evar + preflen, value); data/bash-5.1~rc3/version.c:70:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tt, "%s.%d(%d)-%s", dist_version, patch_level, build_version, release_status); data/bash-5.1~rc3/version.c:76:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (tt, "%s.%d(%d)", dist_version, patch_level, build_version); data/bash-5.1~rc3/y.tab.c:1485:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/bash-5.1~rc3/y.tab.c:5230:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (r, s); data/bash-5.1~rc3/y.tab.c:5830:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (ret + retind, nestret); \ data/bash-5.1~rc3/y.tab.c:7362:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttok); data/bash-5.1~rc3/y.tab.c:7389:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttok); data/bash-5.1~rc3/y.tab.c:7414:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttok); data/bash-5.1~rc3/y.tab.c:7456:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttok); data/bash-5.1~rc3/y.tab.c:7505:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttrans); data/bash-5.1~rc3/y.tab.c:7544:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttok); data/bash-5.1~rc3/y.tab.c:7566:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (token + token_index, ttok); data/bash-5.1~rc3/y.tab.c:7672:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (the_word->word, token); data/bash-5.1~rc3/y.tab.c:7718:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (the_word->word, token+1); data/bash-5.1~rc3/y.tab.c:8251:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp, dist_version); data/bash-5.1~rc3/y.tab.c:8253:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (temp, "%s.%d", dist_version, patch_level); data/bash-5.1~rc3/y.tab.c:8286:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (t_string, temp); data/bash-5.1~rc3/y.tab.c:8309:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (t_string, temp); data/bash-5.1~rc3/debian/clear_console.c:191:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!strcmp(getenv("TERM"), "screen")) data/bash-5.1~rc3/debian/clear_console.c:255:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
result = getopt_long(argc, argv, "Vhq", opts, &an_option); data/bash-5.1~rc3/examples/loadables/finfo.c:584:6: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. r = getopt(c, v, o); data/bash-5.1~rc3/include/ansi_stdlib.h:51:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv (); data/bash-5.1~rc3/lib/intl/dcigettext.c:154:7: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. char *getwd (); data/bash-5.1~rc3/lib/intl/dcigettext.c:155:28: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. # define getcwd(buf, max) getwd (buf) data/bash-5.1~rc3/lib/intl/dcigettext.c:721:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *logfilename = getenv ("GETTEXT_LOG_UNTRANSLATED"); data/bash-5.1~rc3/lib/intl/dcigettext.c:1160:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. language = getenv ("LANGUAGE"); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:827:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. outcharset = getenv ("OUTPUT_CHARSET"); data/bash-5.1~rc3/lib/intl/localcharset.c:298:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. locale = getenv ("LC_ALL"); data/bash-5.1~rc3/lib/intl/localcharset.c:301:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. locale = getenv ("LC_CTYPE"); data/bash-5.1~rc3/lib/intl/localcharset.c:303:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. locale = getenv ("LANG"); data/bash-5.1~rc3/lib/intl/localcharset.c:331:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. locale = getenv ("LC_ALL"); data/bash-5.1~rc3/lib/intl/localcharset.c:334:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
locale = getenv ("LC_CTYPE"); data/bash-5.1~rc3/lib/intl/localcharset.c:336:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. locale = getenv ("LANG"); data/bash-5.1~rc3/lib/intl/localename.c:400:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. retval = getenv ("LC_ALL"); data/bash-5.1~rc3/lib/intl/localename.c:404:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. retval = getenv (categoryname); data/bash-5.1~rc3/lib/intl/localename.c:408:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. retval = getenv ("LANG"); data/bash-5.1~rc3/lib/intl/localename.c:432:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. retval = getenv ("LC_ALL"); data/bash-5.1~rc3/lib/intl/localename.c:435:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). 
Check environment variables carefully before using them. retval = getenv (categoryname); data/bash-5.1~rc3/lib/intl/localename.c:438:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. retval = getenv ("LANG"); data/bash-5.1~rc3/lib/intl/os2compat.c:53:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *root = getenv ("UNIXROOT"); data/bash-5.1~rc3/lib/intl/os2compat.c:54:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *gnulocaledir = getenv ("GNULOCALEDIR"); data/bash-5.1~rc3/lib/intl/os2compat.h:45:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define getenv _nl_getenv data/bash-5.1~rc3/lib/readline/ansi_stdlib.h:51:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv (); data/bash-5.1~rc3/lib/readline/complete.c:1516:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. envcols = getenv ("COLUMNS"); data/bash-5.1~rc3/lib/readline/examples/rl.c:101:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "p:u:d:n:")) != EOF) data/bash-5.1~rc3/lib/readline/examples/rlcat.c:89:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "vEVN")) != EOF) data/bash-5.1~rc3/lib/readline/shell.c:151:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return ((char *)getenv (varname)); data/bash-5.1~rc3/lib/sh/getenv.c:50:1: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv (name) data/bash-5.1~rc3/lib/sh/getenv.c:96:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return (getenv (name)); data/bash-5.1~rc3/lib/sh/strftime.c:243:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tz = getenv("TZ"); data/bash-5.1~rc3/lib/sh/tmpfile.c:52:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random() rand() data/bash-5.1~rc3/lib/sh/tmpfile.c:128:7: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom (tv.tv_sec ^ tv.tv_usec ^ (getpid () << 16) ^ (uintptr_t)&d); data/bash-5.1~rc3/lib/sh/tmpfile.c:172:45: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (unsigned long) ((flags & MT_USERANDOM) ? random () : ntmpfiles++); data/bash-5.1~rc3/lib/sh/tmpfile.c:230:45: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (unsigned long) ((flags & MT_USERANDOM) ? random () : ntmpfiles++); data/bash-5.1~rc3/lib/termcap/termcap.c:40:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv (); data/bash-5.1~rc3/lib/termcap/termcap.c:59:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
char *getenv (); data/bash-5.1~rc3/lib/termcap/termcap.c:487:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. termcap_name = getenv ("TERMCAP"); data/bash-5.1~rc3/lib/termcap/termcap.c:507:48: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (termcap_name && !filep && !strcmp (name, getenv ("TERM"))) data/bash-5.1~rc3/lib/termcap/tparam.c:28:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv (); data/bash-5.1~rc3/lib/tilde/shell.c:54:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return ((char *)getenv (varname)); data/bash-5.1~rc3/mksyntax.c:330:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt (argc, argv, "do:")) != EOF) data/bash-5.1~rc3/shell.c:415:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
if (getenv ("POSIXLY_CORRECT") || getenv ("POSIX_PEDANTIC")) data/bash-5.1~rc3/shell.c:415:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv ("POSIXLY_CORRECT") || getenv ("POSIX_PEDANTIC")) data/bash-5.1~rc3/support/bashversion.c:76:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "hrvmpslx")) != EOF) data/bash-5.1~rc3/support/man2html.c:4000:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt(argc, argv, "")) != EOF) { data/bash-5.1~rc3/support/xcase.c:54:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(ac, av, "lnu")) != EOF) { data/bash-5.1~rc3/CWRU/misc/errlist.c:42:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(v[i]); data/bash-5.1~rc3/CWRU/misc/sigstat.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  static char *signames[NSIG];
data/bash-5.1~rc3/CWRU/misc/sigstat.c:55:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sigstat(atoi(argv[i]));
data/bash-5.1~rc3/CWRU/misc/sigstat.c:224:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (signames[i], "signal %d", i);
data/bash-5.1~rc3/array.c:890:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indstr[INT_STRLEN_BOUND(intmax_t) + 1];
data/bash-5.1~rc3/array.c:917:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (result + rlen, "\"\"");
data/bash-5.1~rc3/array.c:944:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char indstr[INT_STRLEN_BOUND(intmax_t) + 1];
data/bash-5.1~rc3/array.c:1132:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[INT_STRLEN_BOUND (intmax_t) + 1];
data/bash-5.1~rc3/arrayfunc.c:888:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (nword+1, sub, i);
data/bash-5.1~rc3/arrayfunc.c:930:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (nword+1, key, wlen);
data/bash-5.1~rc3/assoc.c:417:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ret + rlen, "\"\"");
data/bash-5.1~rc3/bashhist.c:217:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hx[2];
data/bash-5.1~rc3/bashhist.c:449:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, O_WRONLY|O_CREAT, 0600);
data/bash-5.1~rc3/bashhist.c:492:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = open (hf, O_CREAT | O_TRUNC | O_WRONLY, 0600);
data/bash-5.1~rc3/bashhist.c:826:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char trunc[SYSLOG_MAXLEN], *msg;
data/bash-5.1~rc3/bashhist.c:827:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loghdr[SYSLOG_MAXHDR];
data/bash-5.1~rc3/bashhist.c:828:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seqbuf[32], *seqnum;
data/bash-5.1~rc3/bashline.c:312:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char filename_bstab[256];
data/bash-5.1~rc3/bashline.c:342:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char kseq[2] = { CTRL ('I'), 0 }; /* TAB */
data/bash-5.1~rc3/bashline.c:445:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kseq[2];
data/bash-5.1~rc3/bashline.c:789:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *temp, buffer[256], name[256];
data/bash-5.1~rc3/bashline.c:792:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen (filename, "r");
data/bash-5.1~rc3/bashline.c:1028:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char alias_name[3], *alias_value, *macro;
data/bash-5.1~rc3/bashline.c:3391:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delims[2];
data/bash-5.1~rc3/bashline.c:4295:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[INT_STRLEN_BOUND(int) + 1];
data/bash-5.1~rc3/braces.c:446:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, lbuf[INT_STRLEN_BOUND(intmax_t) + 1];
data/bash-5.1~rc3/braces.c:811:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char example[256];
data/bash-5.1~rc3/builtins/bashgetopt.c:57:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errstr[3] = { '-', '\0', '\0' };
data/bash-5.1~rc3/builtins/common.c:736:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  job = atoi (word);
data/bash-5.1~rc3/builtins/evalfile.c:96:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *t, tt[2];
data/bash-5.1~rc3/builtins/evalfile.c:111:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, O_RDONLY);
data/bash-5.1~rc3/builtins/evalstring.c:692:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(fn, O_RDONLY);
data/bash-5.1~rc3/builtins/gen-helpfiles.c:182:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  helpfp = fopen (helpfile, "w");
data/bash-5.1~rc3/builtins/mkbuiltins.c:239:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  documentation_file = fopen (documentation_filename, "w");
data/bash-5.1~rc3/builtins/mkbuiltins.c:259:25: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  documentation_file = fopen (documentation_filename, "w");
data/bash-5.1~rc3/builtins/mkbuiltins.c:285:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (temp_struct_filename, "mk-%ld", (long) getpid ());
data/bash-5.1~rc3/builtins/mkbuiltins.c:286:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  structfile = fopen (temp_struct_filename, "w");
data/bash-5.1~rc3/builtins/mkbuiltins.c:294:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  externfile = fopen (extern_filename, "w");
data/bash-5.1~rc3/builtins/mkbuiltins.c:518:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, O_RDONLY, 0666);
data/bash-5.1~rc3/builtins/mkbuiltins.c:960:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  defs->output = fopen (defs->production, "w");
data/bash-5.1~rc3/builtins/mkbuiltins.c:1320:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sarray[2];
data/bash-5.1~rc3/builtins/mkbuiltins.c:1591:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  helpfp = fopen (helpfile, "w");
data/bash-5.1~rc3/builtins/psize.c:63:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/bash-5.1~rc3/debian/bash.preinst.c:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char item[sizeof("/bin/sh\n")];
data/bash-5.1~rc3/debian/bash.preinst.c:87:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  sink = open("/dev/null", O_WRONLY);
data/bash-5.1~rc3/debian/bash.preinst.c:113:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packagename[sizeof("bash\n")];
data/bash-5.1~rc3/debian/clear_console.c:78:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(fnam, O_RDWR);
data/bash-5.1~rc3/debian/clear_console.c:82:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(fnam, O_RDONLY);
data/bash-5.1~rc3/debian/clear_console.c:86:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(fnam, O_WRONLY);
data/bash-5.1~rc3/error.c:433:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracefp = fopen("/tmp/bash-trace.log", "a+");
data/bash-5.1~rc3/eval.c:379:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tmout_len = atoi (value_cell (tmout_var));
data/bash-5.1~rc3/examples/loadables/accept.c:193:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[INT_STRLEN_BOUND (int) + 1], *p;
data/bash-5.1~rc3/examples/loadables/asort.c:65:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[INT_STRLEN_BOUND (intmax_t) + 1]; // used by fmtulong
data/bash-5.1~rc3/examples/loadables/cat.c:42:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], *s;
data/bash-5.1~rc3/examples/loadables/cat.c:74:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(argv[i], O_RDONLY, 0666);
data/bash-5.1~rc3/examples/loadables/cut.c:281:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *buf, *bmap, *field, **fields, delim[2];
data/bash-5.1~rc3/examples/loadables/cut.c:404:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (l->word->word, O_RDONLY);
data/bash-5.1~rc3/examples/loadables/finfo.c:208:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ubits[4], gbits[4], obits[4]; /* u=rwx,g=rwx,o=rwx */
data/bash-5.1~rc3/examples/loadables/finfo.c:359:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(b, ": ");
data/bash-5.1~rc3/examples/loadables/finfo.c:479:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ebuf[40];
data/bash-5.1~rc3/examples/loadables/finfo.c:484:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ebuf,"Unknown error code %d", e);
data/bash-5.1~rc3/examples/loadables/head.c:113:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nline = atoi (list_optarg);
data/bash-5.1~rc3/examples/loadables/head.c:133:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (l->word->word, "r");
data/bash-5.1~rc3/examples/loadables/pathchk.c:165:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char const portable_chars[256] =
data/bash-5.1~rc3/examples/loadables/realpath.c:68:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *r, realbuf[PATH_MAX], *p;
data/bash-5.1~rc3/examples/loadables/rm.c:57:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[dirlen + 1 + strlen (dp->d_name) + 1];
data/bash-5.1~rc3/examples/loadables/seq.c:158:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ldfmt, fmt, length_modifier_offset);
data/bash-5.1~rc3/examples/loadables/seq.c:190:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[6 + 2 * INT_STRLEN_BOUND (int)];
data/bash-5.1~rc3/examples/loadables/seq.c:279:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intwfmt[6 + INT_STRLEN_BOUND(int) + sizeof (PRIdMAX)];
data/bash-5.1~rc3/examples/loadables/stat.c:110:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linkbuf[PATH_MAX];
data/bash-5.1~rc3/examples/loadables/stat.c:169:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ubits[4], gbits[4], obits[4]; /* u=rwx,g=rwx,o=rwx */
data/bash-5.1~rc3/examples/loadables/tee.c:110:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (list->word->word, fflags, 0666);
data/bash-5.1~rc3/examples/loadables/uname.c:35:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sysname[32];
data/bash-5.1~rc3/examples/loadables/uname.c:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nodename[32];
data/bash-5.1~rc3/examples/loadables/uname.c:37:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char release[32];
data/bash-5.1~rc3/examples/loadables/uname.c:38:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[32];
data/bash-5.1~rc3/examples/loadables/uname.c:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char machine[32];
data/bash-5.1~rc3/execute_cmd.c:530:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/null", O_RDONLY);
data/bash-5.1~rc3/execute_cmd.c:1157:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char abuf[INT_STRLEN_BOUND(time_t) + 1];
data/bash-5.1~rc3/execute_cmd.c:1236:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *str, *s, ts[INT_STRLEN_BOUND (time_t) + sizeof ("mSS.FFFF")];
data/bash-5.1~rc3/execute_cmd.c:3275:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tabsize = (t && *t) ? atoi (t) : 8;
data/bash-5.1~rc3/execute_cmd.c:5780:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, O_RDONLY); \
data/bash-5.1~rc3/execute_cmd.c:5799:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sample[HASH_BANG_BUFSIZ];
data/bash-5.1~rc3/expr.c:374:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[INT_STRLEN_BOUND (arrayind_t) + 1], *istr;
data/bash-5.1~rc3/findcmd.c:292:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dotexe, ".exe");
data/bash-5.1~rc3/flags.c:208:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optflags[NUM_SHELL_FLAGS+4] = { '+' };
data/bash-5.1~rc3/general.c:199:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[INT_STRLEN_BOUND (RLIMTYPE) + 1], *p;
data/bash-5.1~rc3/general.c:593:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tty_fd = open ("/dev/tty", O_RDWR|O_NONBLOCK);
data/bash-5.1~rc3/general.c:600:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tty_fd = open (tty, O_RDWR|O_NONBLOCK);
data/bash-5.1~rc3/general.c:830:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathbuf[PATH_MAX + 1];
data/bash-5.1~rc3/general.c:888:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tdir[PATH_MAX];
data/bash-5.1~rc3/general.c:1430:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c = atoi (v);
data/bash-5.1~rc3/general.h:156:34: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  # define FASTCOPY(s, d, n) memcpy ((d), (s), (n))
data/bash-5.1~rc3/general.h:161:32: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  # define FASTCOPY(s, d, n) bcopy ((s), (d), (n))
data/bash-5.1~rc3/hashlib.c:506:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[256];
data/bash-5.1~rc3/include/ansi_stdlib.h:27:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  extern int atoi ();
data/bash-5.1~rc3/input.c:65:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char localbuf[1024];
data/bash-5.1~rc3/input.c:417:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (file, O_RDONLY);
data/bash-5.1~rc3/jobs.c:348:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char retcode_name_buffer[64]; data/bash-5.1~rc3/jobs.c:386:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char d[PATH_MAX]; data/bash-5.1~rc3/jobs.c:4413:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). shell_tty = open ("/dev/tty", O_RDWR|O_NONBLOCK); data/bash-5.1~rc3/lib/glob/glob.c:59:40: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #if !defined (HAVE_BCOPY) && !defined (bcopy) data/bash-5.1~rc3/lib/glob/glob.c:60:11: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(s, d, n) ((void) memcpy ((d), (s), (n))) data/bash-5.1~rc3/lib/glob/glob.c:60:34: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(s, d, n) ((void) memcpy ((d), (s), (n))) data/bash-5.1~rc3/lib/glob/glob.c:872:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (subdir, nextname, sdlen + 1); data/bash-5.1~rc3/lib/glob/glob.c:906:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
bcopy (dp->d_name, nextname, D_NAMLEN (dp) + 1); data/bash-5.1~rc3/lib/glob/glob.c:936:6: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (dir, nextname, sdlen + 1); data/bash-5.1~rc3/lib/glob/glob.c:1026:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. new = (char *)realloc (array[i], l + 2); data/bash-5.1~rc3/lib/glob/glob.c:1149:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (pathname, directory_name, directory_len); data/bash-5.1~rc3/lib/glob/glob.c:1452:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (directory_name, result[0], directory_len + 1); data/bash-5.1~rc3/lib/glob/ndir.h:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[MAXNAMLEN + 1]; /* Name of file. */ data/bash-5.1~rc3/lib/glob/ndir.h:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dd_buf[DIRBLKSIZ]; /* Directory block. */ data/bash-5.1~rc3/lib/glob/sm_loop.c:459:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. bcopy (p + 1, ccname, (close - p - 1) * sizeof (CHAR)); data/bash-5.1~rc3/lib/glob/smatch.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[2]; /* string */ data/bash-5.1~rc3/lib/glob/smatch.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s2[8]; /* constructed pattern */ data/bash-5.1~rc3/lib/glob/smatch.c:106:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s1[2] = { ' ', '\0' }; data/bash-5.1~rc3/lib/glob/smatch.c:107:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s2[2] = { ' ', '\0' }; data/bash-5.1~rc3/lib/glob/smatch.c:356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char w1[MB_LEN_MAX+1]; /* string */ data/bash-5.1~rc3/lib/glob/smatch.c:357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char w2[MB_LEN_MAX+8]; /* constructed pattern */ data/bash-5.1~rc3/lib/glob/smatch.c:384:10: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static wchar_t s1[2] = { L' ', L'\0' }; data/bash-5.1~rc3/lib/glob/smatch.c:385:10: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static wchar_t s2[2] = { L' ', L'\0' }; data/bash-5.1~rc3/lib/glob/smatch.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cc[16]; /* sufficient for all valid posix char class names */ data/bash-5.1~rc3/lib/glob/smatch.c:542:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (p, cc, p1 - p); data/bash-5.1~rc3/lib/glob/xmbsrtowcs.c:427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *destptr, *tmp_dest; data/bash-5.1~rc3/lib/glob/xmbsrtowcs.c:475:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (destptr, buf, ret); data/bash-5.1~rc3/lib/intl/bindtextdom.c:166:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, dirname, len); data/bash-5.1~rc3/lib/intl/bindtextdom.c:204:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, codeset, len); data/bash-5.1~rc3/lib/intl/bindtextdom.c:240:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_binding->domainname, domainname, len); data/bash-5.1~rc3/lib/intl/bindtextdom.c:265:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, dirname, len); data/bash-5.1~rc3/lib/intl/bindtextdom.c:296:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, codeset, len); data/bash-5.1~rc3/lib/intl/dcigettext.c:242:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msgid[ZERO]; data/bash-5.1~rc3/lib/intl/dcigettext.c:373:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[ZERO]; data/bash-5.1~rc3/lib/intl/dcigettext.c:498:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (search->msgid, msgid1, msgid_len); data/bash-5.1~rc3/lib/intl/dcigettext.c:672:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (newp->domainname, domainname, domainname_len + 1); data/bash-5.1~rc3/lib/intl/dcigettext.c:1210:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return (void *) ((char *) memcpy (dest, src, n) + n); data/bash-5.1~rc3/lib/intl/finddomain.c:135:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (locale, alias_value, len); data/bash-5.1~rc3/lib/intl/gettextP.h:155:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domainname[ZERO]; data/bash-5.1~rc3/lib/intl/l10nflist.c:250:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (cp, dirlist, dirlist_len); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:462:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define open __open data/bash-5.1~rc3/lib/intl/loadmsgcat.c:814:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (charset, charsetstr, len); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:861:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp, outcharset, len); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:862:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tmp + len, "//TRANSLIT", 10 + 1); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:939:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (domain_file->filename, O_RDONLY | O_BINARY); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:1222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (mem, static_segments, segsize); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:1231:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (mem, sysdep_segment_values[sysdepref], n); data/bash-5.1~rc3/lib/intl/localcharset.c:132:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file_name, dir, dir_len); data/bash-5.1~rc3/lib/intl/localcharset.c:135:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (file_name + dir_len + add_slash, base, base_len + 1); data/bash-5.1~rc3/lib/intl/localcharset.c:139:38: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file_name == NULL || (fp = fopen (file_name, "r")) == NULL) data/bash-5.1~rc3/lib/intl/localcharset.c:146:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[50+1]; data/bash-5.1~rc3/lib/intl/localcharset.c:147:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[50+1]; data/bash-5.1~rc3/lib/intl/localcharset.c:316:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[2 + 10 + 1]; data/bash-5.1~rc3/lib/intl/localcharset.c:319:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "CP%u", GetACP ()); data/bash-5.1~rc3/lib/intl/localcharset.c:325:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[2 + 10 + 1]; data/bash-5.1~rc3/lib/intl/localcharset.c:354:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, dot, modifier - dot); data/bash-5.1~rc3/lib/intl/localcharset.c:370:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "CP%u", cp[0]); data/bash-5.1~rc3/lib/intl/localealias.c:234:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (full_fname, fname, fname_len); data/bash-5.1~rc3/lib/intl/localealias.c:235:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&full_fname[fname_len], aliasfile, sizeof aliasfile); data/bash-5.1~rc3/lib/intl/localealias.c:238:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen (relocate (full_fname), "r"); data/bash-5.1~rc3/lib/intl/localealias.c:258:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[400]; data/bash-5.1~rc3/lib/intl/localealias.c:344:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. map[nmap].alias = memcpy (&string_space[string_space_act], data/bash-5.1~rc3/lib/intl/localealias.c:348:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. map[nmap].value = memcpy (&string_space[string_space_act], data/bash-5.1~rc3/lib/intl/log.c:87:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). last_logfile = fopen (logfilename, "a"); data/bash-5.1~rc3/lib/intl/os2compat.c:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char libintl_nl_default_dirname[MAXPATHLEN+1]; data/bash-5.1~rc3/lib/intl/os2compat.c:63:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_nlos2_libdir, root, sl); data/bash-5.1~rc3/lib/intl/os2compat.c:64:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (_nlos2_libdir + sl, LIBDIR, strlen (LIBDIR) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:77:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_nlos2_localealiaspath, root, sl); data/bash-5.1~rc3/lib/intl/os2compat.c:78:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_nlos2_localealiaspath + sl, LOCALE_ALIAS_PATH, strlen (LOCALE_ALIAS_PATH) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:91:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_nlos2_localedir, root, sl); data/bash-5.1~rc3/lib/intl/os2compat.c:92:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (_nlos2_localedir + sl, LOCALEDIR, strlen (LOCALEDIR) + 1); data/bash-5.1~rc3/lib/intl/relocatable.c:120:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (memory, orig_prefix_arg, orig_prefix_len + 1); data/bash-5.1~rc3/lib/intl/relocatable.c:123:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (memory, curr_prefix_arg, curr_prefix_len + 1); data/bash-5.1~rc3/lib/intl/relocatable.c:202:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (q, curr_pathname, p - curr_pathname); data/bash-5.1~rc3/lib/intl/relocatable.c:262:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (curr_prefix, curr_installdir, curr_prefix_len); data/bash-5.1~rc3/lib/intl/relocatable.c:287:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char location[MAX_PATH]; data/bash-5.1~rc3/lib/intl/relocatable.c:312:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen ("/proc/self/maps", "r"); data/bash-5.1~rc3/lib/intl/relocatable.c:430:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result, curr_prefix, curr_prefix_len); data/bash-5.1~rc3/lib/intl/textdomain.c:118:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_domain, domainname, len); data/bash-5.1~rc3/lib/malloc/alloca.c:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char align[ALIGN_SIZE]; /* To force sizeof(header). */ data/bash-5.1~rc3/lib/malloc/imalloc.h:61:34: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. # define FASTCOPY(s, d, n) memcpy (d, s, n) data/bash-5.1~rc3/lib/malloc/imalloc.h:66:32: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define FASTCOPY(s, d, n) bcopy (s, d, n) data/bash-5.1~rc3/lib/malloc/imalloc.h:159:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((dest), (src), (nbytes)) \ data/bash-5.1~rc3/lib/malloc/malloc.c:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_magic8[8]; /* MAGIC1 guard bytes */ /* 8 */ data/bash-5.1~rc3/lib/malloc/malloc.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[4]; data/bash-5.1~rc3/lib/malloc/malloc.c:274:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char busy[NBUCKETS]; data/bash-5.1~rc3/lib/malloc/malloc.c:339:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char _malloc_trace_buckets[NBUCKETS]; data/bash-5.1~rc3/lib/malloc/stats.c:152:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defname[sizeof (TRACEROOT) + 64]; data/bash-5.1~rc3/lib/malloc/stats.c:153:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mallbuf[1024]; data/bash-5.1~rc3/lib/malloc/stats.c:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[1024]; data/bash-5.1~rc3/lib/malloc/stats.c:184:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(defbuf, "w"); data/bash-5.1~rc3/lib/malloc/stats.c:189:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidbuf[32]; data/bash-5.1~rc3/lib/malloc/stats.c:192:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (pidbuf, "%ld", l); data/bash-5.1~rc3/lib/malloc/stats.c:208:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fname, "w"); data/bash-5.1~rc3/lib/malloc/table.c:399:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defname[sizeof (LOCROOT) + 64]; data/bash-5.1~rc3/lib/malloc/trace.c:120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defname[sizeof (TRACEROOT) + 64]; data/bash-5.1~rc3/lib/readline/ansi_stdlib.h:27:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). extern int atoi (); data/bash-5.1~rc3/lib/readline/bind.c:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyseq[4]; data/bash-5.1~rc3/lib/readline/bind.c:174:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. xfree ((char *)_rl_keymap[key].function); data/bash-5.1~rc3/lib/readline/bind.c:486:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. xfree ((char *)map[ic].function); data/bash-5.1~rc3/lib/readline/bind.c:687:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char kseq[16]; data/bash-5.1~rc3/lib/readline/bind.c:903:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (((file = open (filename, O_RDONLY, 0666)) < 0) || (fstat (file, &finfo) < 0)) data/bash-5.1~rc3/lib/readline/bind.c:1766:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char useq[2]; data/bash-5.1~rc3/lib/readline/bind.c:1779:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char seq[2]; data/bash-5.1~rc3/lib/readline/bind.c:2052:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nval = atoi (value); data/bash-5.1~rc3/lib/readline/bind.c:2067:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nval = atoi (value); data/bash-5.1~rc3/lib/readline/bind.c:2081:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nval = atoi (value); data/bash-5.1~rc3/lib/readline/bind.c:2095:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nval = atoi (value); data/bash-5.1~rc3/lib/readline/bind.c:2128:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nval = atoi (value); data/bash-5.1~rc3/lib/readline/bind.c:2409:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (keymap_names, builtin_keymap_names, i * sizeof (struct name_and_keymap)); data/bash-5.1~rc3/lib/readline/bind.c:2628:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyname, "\\M-"); data/bash-5.1~rc3/lib/readline/bind.c:2630:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (keyname, "\\e"); data/bash-5.1~rc3/lib/readline/bind.c:2776:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. out = _rl_untranslate_macro_value ((char *)map[key].function, 0); data/bash-5.1~rc3/lib/readline/bind.c:2841:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char numbuf[32]; data/bash-5.1~rc3/lib/readline/bind.c:2861:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numbuf, "%d", _rl_completion_columns); data/bash-5.1~rc3/lib/readline/bind.c:2866:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numbuf, "%d", _rl_completion_prefix_display_length); data/bash-5.1~rc3/lib/readline/bind.c:2871:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numbuf, "%d", rl_completion_query_items); data/bash-5.1~rc3/lib/readline/bind.c:2878:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numbuf, "%d", history_is_stifled() ? history_max_entries : 0); data/bash-5.1~rc3/lib/readline/bind.c:2905:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (numbuf, "%d", _rl_keyseq_timeout); data/bash-5.1~rc3/lib/readline/callback.c:139:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((void *)olevel, (void *)_rl_top_level, sizeof (procenv_t)); data/bash-5.1~rc3/lib/readline/callback.c:149:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((void *)_rl_top_level, (void *)olevel, sizeof (procenv_t)); data/bash-5.1~rc3/lib/readline/complete.c:1518:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cols = atoi (envcols); data/bash-5.1~rc3/lib/readline/complete.c:1855:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp_string[4], *filename, *fn; data/bash-5.1~rc3/lib/readline/display.c:369:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nprompt, ms, mlen); data/bash-5.1~rc3/lib/readline/display.c:1042:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[5]; data/bash-5.1~rc3/lib/readline/display.c:1045:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. olen = sprintf (obuf, "\\%o", c); data/bash-5.1~rc3/lib/readline/display.c:1803:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (old, new, newbytes); data/bash-5.1~rc3/lib/readline/display.c:1804:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (old_face, new_face, newbytes); data/bash-5.1~rc3/lib/readline/examples/excallback.c:97:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt_buf[40], line_buf[256]; data/bash-5.1~rc3/lib/readline/examples/fileman.c:325:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char syscom[1024]; data/bash-5.1~rc3/lib/readline/examples/fileman.c:461:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[1024], *s; data/bash-5.1~rc3/lib/readline/examples/histexamp.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024], *t; data/bash-5.1~rc3/lib/readline/examples/histexamp.c:56:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (line, "quit"); data/bash-5.1~rc3/lib/readline/examples/histexamp.c:91:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestr[128]; data/bash-5.1~rc3/lib/readline/examples/histexamp.c:101:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (timestr, "??"); data/bash-5.1~rc3/lib/readline/examples/rl.c:109:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fd = atoi(optarg); data/bash-5.1~rc3/lib/readline/examples/rl.c:120:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nch = atoi(optarg); data/bash-5.1~rc3/lib/readline/examples/rlcat.c:167:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (argv[i], "r"); data/bash-5.1~rc3/lib/readline/histexpand.c:551:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake_s[3]; data/bash-5.1~rc3/lib/readline/histexpand.c:918:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/histfile.c:180:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (return_val + home_len + 1, "_history"); data/bash-5.1~rc3/lib/readline/histfile.c:182:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (return_val + home_len + 1, ".history"); data/bash-5.1~rc3/lib/readline/histfile.c:192:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret, linkbuf[PATH_MAX+1]; data/bash-5.1~rc3/lib/readline/histfile.c:220:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ret, linkbuf[PATH_MAX+1]; data/bash-5.1~rc3/lib/readline/histfile.c:250:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (ret + len + 6, ".tmp"); data/bash-5.1~rc3/lib/readline/histfile.c:289:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = input ? open (input, O_RDONLY|O_BINARY, 0666) : -1; data/bash-5.1~rc3/lib/readline/histfile.c:478:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkbuf[PATH_MAX+1]; data/bash-5.1~rc3/lib/readline/histfile.c:497:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkbuf[PATH_MAX+1]; data/bash-5.1~rc3/lib/readline/histfile.c:532:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = filename ? open (filename, O_RDONLY|O_BINARY, 0666) : -1; data/bash-5.1~rc3/lib/readline/histfile.c:631:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((file = open (tempname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0600)) != -1) data/bash-5.1~rc3/lib/readline/histfile.c:701:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = output ? open (output, mode, 0600) : -1; data/bash-5.1~rc3/lib/readline/history.c:255:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char ts[64], *ret; data/bash-5.1~rc3/lib/readline/history.c:261:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ts, "X%lu", (unsigned long) t); data/bash-5.1~rc3/lib/readline/input.c:142:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char ibuffer[512]; data/bash-5.1~rc3/lib/readline/isearch.c:166:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (message, "[%d]", where + history_base); data/bash-5.1~rc3/lib/readline/isearch.c:175:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (message + msglen, "failed "); data/bash-5.1~rc3/lib/readline/isearch.c:181:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (message + msglen, "reverse-"); data/bash-5.1~rc3/lib/readline/isearch.c:185:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (message + msglen, "i-search)`"); data/bash-5.1~rc3/lib/readline/isearch.c:196:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (message + msglen, "': "); data/bash-5.1~rc3/lib/readline/keymaps.c:158:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. xfree ((char *)map[i].function); data/bash-5.1~rc3/lib/readline/keymaps.c:162:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. xfree ((char *)map[i].function); data/bash-5.1~rc3/lib/readline/kill.c:742:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[BRACK_PASTE_SLEN+1], *pbpref; data/bash-5.1~rc3/lib/readline/parse-colors.c:307:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[3]; /* Indicator label */ data/bash-5.1~rc3/lib/readline/parse-colors.c:318:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (label, "??"); data/bash-5.1~rc3/lib/readline/readline.c:1047:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. macro = savestring ((char *)map[key].function); data/bash-5.1~rc3/lib/readline/readline.h:959:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserved[64]; data/bash-5.1~rc3/lib/readline/rlprivate.h:102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/rlprivate.h:103:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pmb[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/shell.c:124:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char setenv_buf[INT_STRLEN_BOUND (int) + 1]; data/bash-5.1~rc3/lib/readline/shell.c:125:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char putenv_buf1[INT_STRLEN_BOUND (int) + 6 + 1]; /* sizeof("LINES=") == 6 */ data/bash-5.1~rc3/lib/readline/shell.c:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char putenv_buf2[INT_STRLEN_BOUND (int) + 8 + 1]; /* sizeof("COLUMNS=") == 8 */ data/bash-5.1~rc3/lib/readline/shell.c:132:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (setenv_buf, "%d", lines); data/bash-5.1~rc3/lib/readline/shell.c:135:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (setenv_buf, "%d", cols); data/bash-5.1~rc3/lib/readline/shell.c:139:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (putenv_buf1, "LINES=%d", lines); data/bash-5.1~rc3/lib/readline/shell.c:142:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (putenv_buf2, "COLUMNS=%d", cols); data/bash-5.1~rc3/lib/readline/signals.c:397:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ohandler, &old_handler, sizeof (sighandler_cxt)); data/bash-5.1~rc3/lib/readline/signals.c:748:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cstr[3]; data/bash-5.1~rc3/lib/readline/terminal.c:284:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _rl_screenwidth = atoi (ss); data/bash-5.1~rc3/lib/readline/terminal.c:303:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _rl_screenheight = atoi (ss); data/bash-5.1~rc3/lib/readline/terminal.c:449:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(tc_strings[i].tc_value) = tgetstr ((char *)tc_strings[i].tc_var, bp); data/bash-5.1~rc3/lib/readline/text.c:699:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pending_bytes[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/text.c:714:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char incoming[MB_LEN_MAX + 1]; data/bash-5.1~rc3/lib/readline/text.c:789:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (incoming, pending_bytes, pending_bytes_length); data/bash-5.1~rc3/lib/readline/text.c:863:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[TEXT_COUNT_MAX+1]; data/bash-5.1~rc3/lib/readline/text.c:892:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2]; data/bash-5.1~rc3/lib/readline/text.c:918:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbkey[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/text.c:1407:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX+1]; data/bash-5.1~rc3/lib/readline/text.c:1493:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, mb, mlen); data/bash-5.1~rc3/lib/readline/text.c:1496:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, mb, mlen); data/bash-5.1~rc3/lib/readline/text.c:1509:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, mb, mlen); data/bash-5.1~rc3/lib/readline/text.c:1601:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[2]; data/bash-5.1~rc3/lib/readline/text.c:1727:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbchar[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/tilde.c:427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *result, line[512]; data/bash-5.1~rc3/lib/readline/tilde.c:436:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (line, "done"); data/bash-5.1~rc3/lib/readline/util.c:501:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnbuf[128], *x; data/bash-5.1~rc3/lib/readline/util.c:514:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). _rl_tracefp = fopen (fnbuf, "w+"); data/bash-5.1~rc3/lib/readline/util.c:566:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (NLMSG_DATA(&req.nlh), string, size); data/bash-5.1~rc3/lib/readline/vi_mode.c:112:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char _rl_vi_last_search_mbchar[MB_LEN_MAX]; data/bash-5.1~rc3/lib/readline/vi_mode.c:117:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char _rl_vi_last_replacement[MB_LEN_MAX+1]; /* reserve for trailing NULL */ data/bash-5.1~rc3/lib/readline/vi_mode.c:948:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX+1]; data/bash-5.1~rc3/lib/readline/vi_mode.c:2036:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX+1]; data/bash-5.1~rc3/lib/readline/vi_mode.c:2061:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX+1]; data/bash-5.1~rc3/lib/sh/casemod.c:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mb[MB_LEN_MAX+1]; data/bash-5.1~rc3/lib/sh/casemod.c:161:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ret + retind, string + start, next - start); data/bash-5.1~rc3/lib/sh/fpurge.c:65:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char _ubuf[3]; \ data/bash-5.1~rc3/lib/sh/fpurge.c:66:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char _nbuf[1]; \ data/bash-5.1~rc3/lib/sh/getcwd.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[PATH_MAX + 1]; data/bash-5.1~rc3/lib/sh/getcwd.c:175:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new, dots, dotsize); data/bash-5.1~rc3/lib/sh/getcwd.c:183:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&new[dotsize], new, dotsize); data/bash-5.1~rc3/lib/sh/getcwd.c:220:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name, dotp, dotlist + dotsize - dotp); data/bash-5.1~rc3/lib/sh/getcwd.c:222:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&name[dotlist + dotsize - dotp + 1], data/bash-5.1~rc3/lib/sh/getcwd.c:271:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
(void) memcpy (new + pathsize + space, pathp, pathsize - space); data/bash-5.1~rc3/lib/sh/getcwd.c:278:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy (pathp, d->d_name, namlen); data/bash-5.1~rc3/lib/sh/getcwd.c:310:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy((PTR_T) buf, (PTR_T) pathp, len); data/bash-5.1~rc3/lib/sh/getcwd.c:342:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[PATH_MAX]; data/bash-5.1~rc3/lib/sh/itos.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, lbuf[INT_STRLEN_BOUND(intmax_t) + 1]; data/bash-5.1~rc3/lib/sh/itos.c:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, lbuf[INT_STRLEN_BOUND(intmax_t) + 1]; data/bash-5.1~rc3/lib/sh/itos.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *p, lbuf[INT_STRLEN_BOUND(uintmax_t) + 1]; data/bash-5.1~rc3/lib/sh/mailstat.c:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[PATH_MAX * 2], file[PATH_MAX * 2 + 1]; data/bash-5.1~rc3/lib/sh/mktime.c:389:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm.tm_isdst = argc == 3 ? -1 : atoi (argv[3]); data/bash-5.1~rc3/lib/sh/mktime.c:400:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_t from = atol (argv[1]); data/bash-5.1~rc3/lib/sh/mktime.c:401:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time_t by = atol (argv[2]); data/bash-5.1~rc3/lib/sh/mktime.c:402:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
time_t to = atol (argv[3]); data/bash-5.1~rc3/lib/sh/netopen.c:106:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(h->h_addr, (char *)ap, h->h_length); data/bash-5.1~rc3/lib/sh/oslib.c:165:16: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # if defined (bcopy) data/bash-5.1~rc3/lib/sh/oslib.c:166:12: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # undef bcopy data/bash-5.1~rc3/lib/sh/oslib.c:169:1: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (s,d,n) data/bash-5.1~rc3/lib/sh/pathcanon.c:52:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char user[MAXPATHLEN]; data/bash-5.1~rc3/lib/sh/pathcanon.c:53:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char system[MAXPATHLEN]; data/bash-5.1~rc3/lib/sh/pathcanon.c:63:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char user_flags[MAXPATHLEN]; data/bash-5.1~rc3/lib/sh/pathcanon.c:64:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_flags[MAXPATHLEN]; data/bash-5.1~rc3/lib/sh/pathphys.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[PATH_MAX+1], linkbuf[PATH_MAX+1]; data/bash-5.1~rc3/lib/sh/random.c:207:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). urandfd = open ("/dev/urandom", oflags, 0); data/bash-5.1~rc3/lib/sh/shquote.c:43:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char bstab[256] = data/bash-5.1~rc3/lib/sh/snprintf.c:184:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char intbuf[INT_STRLEN_BOUND(unsigned long) + 1]; data/bash-5.1~rc3/lib/sh/snprintf.c:610:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char integral_part[MAX_INT]; data/bash-5.1~rc3/lib/sh/snprintf.c:611:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fraction_part[MAX_FRACT]; data/bash-5.1~rc3/lib/sh/snprintf.c:1648:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmtbuf[FALLBACK_FMTSIZE], *obuf; data/bash-5.1~rc3/lib/sh/snprintf.c:1681:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmtbuf[FALLBACK_FMTSIZE], obuf[FALLBACK_BASE]; data/bash-5.1~rc3/lib/sh/snprintf.c:1846:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char holder[100]; data/bash-5.1~rc3/lib/sh/spell.c:67:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char guess[PATH_MAX + 1], best[PATH_MAX + 1]; data/bash-5.1~rc3/lib/sh/strdup.c:40:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new, s, len); data/bash-5.1~rc3/lib/sh/strerror.c:55:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char emsg[40]; data/bash-5.1~rc3/lib/sh/strftime.c:108:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *tzname[2]; data/bash-5.1~rc3/lib/sh/strftime.c:153:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%0*d", (int) fw, year); data/bash-5.1~rc3/lib/sh/strftime.c:167:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%c_%04d_%d", sign, extra, year); data/bash-5.1~rc3/lib/sh/strftime.c:178:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. auto char tbuf[100]; data/bash-5.1~rc3/lib/sh/strftime.c:376:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tbuf, "%02ld", (timeptr->tm_year + 1900L) / 100); data/bash-5.1~rc3/lib/sh/strftime.c:381:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i); data/bash-5.1~rc3/lib/sh/strftime.c:389:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%2d", range(1, timeptr->tm_mday, 31)); data/bash-5.1~rc3/lib/sh/strftime.c:403:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_d[10]; data/bash-5.1~rc3/lib/sh/strftime.c:454:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%ld", y); data/bash-5.1~rc3/lib/sh/strftime.c:457:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02ld", y % 100); data/bash-5.1~rc3/lib/sh/strftime.c:465:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i); data/bash-5.1~rc3/lib/sh/strftime.c:474:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i); data/bash-5.1~rc3/lib/sh/strftime.c:478:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(tbuf, "%03d", timeptr->tm_yday + 1); data/bash-5.1~rc3/lib/sh/strftime.c:483:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i + 1); data/bash-5.1~rc3/lib/sh/strftime.c:488:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i); data/bash-5.1~rc3/lib/sh/strftime.c:522:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%ld", mktime(& non_const_timeptr)); data/bash-5.1~rc3/lib/sh/strftime.c:529:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i); data/bash-5.1~rc3/lib/sh/strftime.c:544:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%d", timeptr->tm_wday == 0 ? 7 : data/bash-5.1~rc3/lib/sh/strftime.c:549:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", weeknumber(timeptr, 0)); data/bash-5.1~rc3/lib/sh/strftime.c:553:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", iso8601wknum(timeptr)); data/bash-5.1~rc3/lib/sh/strftime.c:558:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%d", i); data/bash-5.1~rc3/lib/sh/strftime.c:562:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", weeknumber(timeptr, 1)); data/bash-5.1~rc3/lib/sh/strftime.c:576:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%02d", i); data/bash-5.1~rc3/lib/sh/strftime.c:591:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%ld", 1900L + timeptr->tm_year); data/bash-5.1~rc3/lib/sh/strftime.c:649:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf+1, "%02ld%02ld", off/60, off%60); data/bash-5.1~rc3/lib/sh/strftime.c:673:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%2d", range(0, timeptr->tm_hour, 23)); data/bash-5.1~rc3/lib/sh/strftime.c:682:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tbuf, "%2d", i); data/bash-5.1~rc3/lib/sh/strftime.c:698:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tbuf, "%2d-%3.3s-%4ld", data/bash-5.1~rc3/lib/sh/strftime.c:994:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[MAXTIME]; data/bash-5.1~rc3/lib/sh/strtoimax.c:42:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; } data/bash-5.1~rc3/lib/sh/strtoumax.c:42:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define verify(name, assertion) struct name { char a[(assertion) ? 1 : -1]; } data/bash-5.1~rc3/lib/sh/tmpfile.c:214:8: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp (filename); data/bash-5.1~rc3/lib/sh/tmpfile.c:234:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (filename, BASEOPENFLAGS | ((flags & MT_READWRITE) ? 
O_RDWR : O_WRONLY), 0600); data/bash-5.1~rc3/lib/sh/unicode.c:67:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char charsetbuf[40]; data/bash-5.1~rc3/lib/sh/unicode.c:77:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (charsetbuf, "ASCII"); data/bash-5.1~rc3/lib/sh/unicode.c:146:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. l = sprintf (s, "\\u%04X", wc); data/bash-5.1~rc3/lib/sh/unicode.c:148:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. l = sprintf (s, "\\u%08X", wc); data/bash-5.1~rc3/lib/sh/unicode.c:248:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t ws[3]; data/bash-5.1~rc3/lib/sh/unicode.c:252:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[25], *optr; data/bash-5.1~rc3/lib/sh/vprint.c:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localbuf[BUFSIZ]; data/bash-5.1~rc3/lib/sh/zcatfd.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[ZBUFSIZ]; data/bash-5.1~rc3/lib/sh/zmapfd.c:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuf[ZBUFSIZ]; data/bash-5.1~rc3/lib/sh/zmapfd.c:80:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (result+rind, lbuf, nr); data/bash-5.1~rc3/lib/sh/zread.c:124:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lbuf[ZBUFSIZ]; data/bash-5.1~rc3/lib/termcap/termcap.c:50:11: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/termcap.c:50:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/termcap.c:65:67: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. #if (defined(HAVE_STRING_H) || defined(STDC_HEADERS)) && !defined(bcopy) data/bash-5.1~rc3/lib/termcap/termcap.c:66:9: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/termcap.c:66:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/termcap.c:173:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi (ptr); data/bash-5.1~rc3/lib/termcap/termcap.c:409:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char esa[NAM$C_MAXRSS]; data/bash-5.1~rc3/lib/termcap/termcap.c:531:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (termcap_name, O_RDONLY|O_TEXT, 0); data/bash-5.1~rc3/lib/termcap/termcap.c:533:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open (termcap_name, O_RDONLY, 0); data/bash-5.1~rc3/lib/termcap/termcap.c:751:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (bufp->ptr, buf, bufp->full -= bufp->ptr - buf); data/bash-5.1~rc3/lib/termcap/tparam.c:38:11: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/tparam.c:38:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/tparam.c:44:9: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/tparam.c:44:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define bcopy(s, d, n) memcpy ((d), (s), (n)) data/bash-5.1~rc3/lib/termcap/tparam.c:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tgoto_buf[50]; data/bash-5.1~rc3/lib/termcap/tparam.c:177:8: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
bcopy (outstring, new, op - outstring); data/bash-5.1~rc3/lib/termcap/tparam.c:335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/bash-5.1~rc3/lib/termcap/tparam.c:337:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). args[0] = atoi (argv[2]); data/bash-5.1~rc3/lib/termcap/tparam.c:338:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). args[1] = atoi (argv[3]); data/bash-5.1~rc3/lib/termcap/tparam.c:339:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). args[2] = atoi (argv[4]); data/bash-5.1~rc3/lib/tilde/tilde.c:427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *result, line[512]; data/bash-5.1~rc3/lib/tilde/tilde.c:436:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (line, "done"); data/bash-5.1~rc3/make_cmd.c:148:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tokenizer[2]; data/bash-5.1~rc3/mksyntax.c:111:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xbuf[16]; data/bash-5.1~rc3/mksyntax.c:145:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. default: sprintf (xbuf, "%d", i); break; data/bash-5.1~rc3/mksyntax.c:350:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (filename, "w"); data/bash-5.1~rc3/mksyntax.c:401:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char emsg[40]; data/bash-5.1~rc3/mksyntax.c:411:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (emsg, "Unknown system error %d", e); data/bash-5.1~rc3/nojobs.c:802:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char retcode_name_buffer[64] = { '\0' }; data/bash-5.1~rc3/nojobs.c:809:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (x, "Signal %d", s); data/bash-5.1~rc3/pathexp.c:71:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open, bsquote; data/bash-5.1~rc3/pathexp.c:91:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open) /* XXX - if --open == 0? */ data/bash-5.1~rc3/pathexp.c:96:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open) data/bash-5.1~rc3/pathexp.c:116:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  else if (open && *string == '/')
data/bash-5.1~rc3/pcomplete.c:984:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[INT_STRLEN_BOUND(int) + 1];
data/bash-5.1~rc3/print_cmd.c:170:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[3];
data/bash-5.1~rc3/print_cmd.c:426:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ps4_firstc[MB_LEN_MAX+1];
data/bash-5.1~rc3/print_cmd.c:454:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ps4_firstc, ps4, ps4_firstc_len);
data/bash-5.1~rc3/print_cmd.c:474:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (indirection_string+i, ps4_firstc, ps4_firstc_len);
data/bash-5.1~rc3/print_cmd.c:1480:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char char_arg[2], *argp, intbuf[INT_STRLEN_BOUND (unsigned int) + 1];
data/bash-5.1~rc3/print_cmd.c:1525:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (intbuf, "%u", (unsigned int)-1);
data/bash-5.1~rc3/redir.c:454:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/null", O_RDONLY);
data/bash-5.1~rc3/redir.c:531:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd2 = open (filename, O_RDONLY|O_BINARY, 0600);
data/bash-5.1~rc3/redir.c:650:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, flags, mode);
data/bash-5.1~rc3/redir.c:685:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, flags|O_EXCL, mode);
data/bash-5.1~rc3/redir.c:688:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, flags, mode);
data/bash-5.1~rc3/redir.c:738:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, flags, mode);
data/bash-5.1~rc3/redir.c:752:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, flags & ~O_CREAT, mode);
data/bash-5.1~rc3/shell.c:1536:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sample[80];
data/bash-5.1~rc3/shell.c:1546:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, O_RDONLY);
data/bash-5.1~rc3/shell.c:1557:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (filename, O_RDONLY);
data/bash-5.1~rc3/shell.c:1897:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[256];
data/bash-5.1~rc3/siglist.c:37:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sys_siglist[NSIG];
data/bash-5.1~rc3/siglist.c:224:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sys_siglist[i], _("Unknown Signal #%d"), i);
data/bash-5.1~rc3/siglist.h:37:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  # define strsignal(sig) (char *)sys_siglist[sig]
data/bash-5.1~rc3/stringlib.c:136:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (result, string + start, len);
data/bash-5.1~rc3/subst.c:155:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ifs_cmap[UCHAR_MAX + 1];
data/bash-5.1~rc3/subst.c:159:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ifs_firstc[MB_LEN_MAX];
data/bash-5.1~rc3/subst.c:1747:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  skip_matched_pair (string, start, open, close, flags)
data/bash-5.1~rc3/subst.c:1749:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int start, open, close, flags;
data/bash-5.1~rc3/subst.c:1793:41: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if ((flags & 1) == 0 && c == open)
data/bash-5.1~rc3/subst.c:1870:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *temp, open[3];
data/bash-5.1~rc3/subst.c:1870:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  char *temp, open[3];
data/bash-5.1~rc3/subst.c:2000:4: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open[0] = c;
data/bash-5.1~rc3/subst.c:2001:4: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open[1] = LPAREN;
data/bash-5.1~rc3/subst.c:2002:4: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open[2] = '\0';
data/bash-5.1~rc3/subst.c:2003:50: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  temp = extract_delimited_string (string, &si, open, "(", ")", SX_NOALLOC); /* ) */
data/bash-5.1~rc3/subst.c:2321:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (d2 + ts, delims + i, mblength);
data/bash-5.1~rc3/subst.c:2546:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ret, ifs_firstc, ifs_firstc_len);
data/bash-5.1~rc3/subst.c:2576:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sep[MB_CUR_MAX + 1];
data/bash-5.1~rc3/subst.c:2581:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sep[2];
data/bash-5.1~rc3/subst.c:2595:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (sep, ifs_firstc, ifs_firstc_len);
data/bash-5.1~rc3/subst.c:2634:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sep[MB_CUR_MAX + 1];
data/bash-5.1~rc3/subst.c:2639:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sep[2];
data/bash-5.1~rc3/subst.c:2666:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (sep, ifs_firstc, ifs_firstc_len);
data/bash-5.1~rc3/subst.c:2953:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char local_cmap[UCHAR_MAX+1]; /* really only need single-byte chars here */
data/bash-5.1~rc3/subst.c:5499:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (fifo_list[i].file, O_RDWR|O_NONBLOCK);
data/bash-5.1~rc3/subst.c:5677:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return (memcpy (ret, dev_fd_list, totfds * sizeof (pid_t)));
data/bash-5.1~rc3/subst.c:5860:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret, intbuf[INT_STRLEN_BOUND (int) + 1], *p;
data/bash-5.1~rc3/subst.c:6054:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (pathname, open_for_read_in_child ? O_RDONLY : O_WRONLY);
data/bash-5.1~rc3/subst.c:6172:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *istring, buf[512], *bufp;
data/bash-5.1~rc3/subst.c:7394:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delims[2];
data/bash-5.1~rc3/subst.c:7664:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[MAX_ATTRIBUTES], *ret, *val;
data/bash-5.1~rc3/subst.c:7689:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret, *val, flags[MAX_ATTRIBUTES];
data/bash-5.1~rc3/subst.c:7742:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (ret, "set -- ");
data/bash-5.1~rc3/subst.c:7754:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ret, flags[MAX_ATTRIBUTES], *t;
data/bash-5.1~rc3/subst.c:7883:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flags[MAX_ATTRIBUTES];
data/bash-5.1~rc3/subst.c:9448:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *temp, *temp1, uerror[3], *savecmd;
data/bash-5.1~rc3/subst.c:10082:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char twochars[2];
data/bash-5.1~rc3/subst.c:11121:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (ifs_firstc, ifs_value, ifs_firstc_len);
data/bash-5.1~rc3/subst.c:11667:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (temp, tlist->word->word, ++t);
data/bash-5.1~rc3/subst.c:11670:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (temp + t, value, wlen);
data/bash-5.1~rc3/subst.c:11704:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char opts[16], omap[128];
data/bash-5.1~rc3/support/bashversion.c:68:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dv[128], *rv;
data/bash-5.1~rc3/support/man2html.c:104:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char location_base[NULL_TERMINATED(MED_STR_MAX)] = "";
data/bash-5.1~rc3/support/man2html.c:106:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char th_page_and_sec[128] = { '\0' };
data/bash-5.1~rc3/support/man2html.c:107:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char th_datestr[128] = { '\0' };
data/bash-5.1~rc3/support/man2html.c:108:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char th_version[128] = { '\0' };
data/bash-5.1~rc3/support/man2html.c:130:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char emsg[40];
data/bash-5.1~rc3/support/man2html.c:141:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(emsg, "Unknown system error %d", e);
data/bash-5.1~rc3/support/man2html.c:243:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char new[NULL_TERMINATED(MED_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:293:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char NEWLINE[2] = "\n";
data/bash-5.1~rc3/support/man2html.c:294:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char idxlabel[6] = "ixAAA";
data/bash-5.1~rc3/support/man2html.c:446:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char charb[TINY_STR_MAX];
data/bash-5.1~rc3/support/man2html.c:451:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datbuf[NULL_TERMINATED(MED_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:518:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  man_stream = fopen(filename, "r");
data/bash-5.1~rc3/support/man2html.c:534:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char outbuffer[NULL_TERMINATED(HUGE_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:563:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *idtest[6]; /* url, mailto, www, ftp, manpage */
data/bash-5.1~rc3/support/man2html.c:831:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *switchfont[16] = {
data/bash-5.1~rc3/support/man2html.c:882:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char sizebuf[200];
data/bash-5.1~rc3/support/man2html.c:918:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(sizebuf, "</FONT>");
data/bash-5.1~rc3/support/man2html.c:923:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(sizebuf, "<FONT SIZE=");
data/bash-5.1~rc3/support/man2html.c:949:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[5];
data/bash-5.1~rc3/support/man2html.c:1434:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char itemreset[20] = "\\fR\\s0";
data/bash-5.1~rc3/support/man2html.c:1707:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[5];
data/bash-5.1~rc3/support/man2html.c:1710:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%i", curfield->colspan);
data/bash-5.1~rc3/support/man2html.c:1714:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[5];
data/bash-5.1~rc3/support/man2html.c:1717:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%i", curfield->rowspan);
data/bash-5.1~rc3/support/man2html.c:2113:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char manidx[NULL_TERMINATED(HUGE_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:2116:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char label[5] = "lbAA";
data/bash-5.1~rc3/support/man2html.c:2203:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *wordlist[MAX_WORDLIST];
data/bash-5.1~rc3/support/man2html.c:2681:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char font[2];
data/bash-5.1~rc3/support/man2html.c:3088:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char list_options[NULL_TERMINATED(MED_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:3222:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bd_options[NULL_TERMINATED(MED_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:3282:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[NULL_TERMINATED(MED_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:3543:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mandoc_name[NULL_TERMINATED(SMALL_STR_MAX)] = "";
data/bash-5.1~rc3/support/man2html.c:3715:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];
data/bash-5.1~rc3/support/man2html.c:3761:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intbuff[NULL_TERMINATED(MED_STR_MAX)];
data/bash-5.1~rc3/support/man2html.c:4021:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  idxfile = fopen(INDEXFILE, "a");
data/bash-5.1~rc3/support/mksignames.c:91:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream = fopen (stream_name, "w");
data/bash-5.1~rc3/support/signames.c:47:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *signal_names[2 * (LASTSIG)];
data/bash-5.1~rc3/support/signames.c:125:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (signal_names[rtmin+i], "SIGRTMIN+%d", i);
data/bash-5.1~rc3/support/signames.c:128:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (signal_names[rtmax-i], "SIGRTMAX-%d", i);
data/bash-5.1~rc3/support/signames.c:136:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (signal_names[rtmin+rtcnt+1], "SIGRTMIN+%d", rtcnt+1);
data/bash-5.1~rc3/support/signames.c:440:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (signal_names[i], "SIGJUNK(%d)", i);
data/bash-5.1~rc3/support/xcase.c:74:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
inf = fopen(av[0], "r");
data/bash-5.1~rc3/trap.c:105:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *trap_list[BASH_NSIG];
data/bash-5.1~rc3/trap.c:787:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
(trap_list[sig] != (char *)IMPOSSIBLE_TRAP_HANDLER))
data/bash-5.1~rc3/trap.c:803:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
if (value == (char *)IGNORE_SIG)
data/bash-5.1~rc3/unwind_prot.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char desired_setting[1]; /* actual size is `size' */
data/bash-5.1~rc3/variables.c:147:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *dollar_vars[10];
data/bash-5.1~rc3/variables.c:396:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (temp_string, tname, namelen);
data/bash-5.1~rc3/variables.c:398:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (temp_string + namelen + 1, string, string_length + 1);
data/bash-5.1~rc3/variables.c:501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char node_name[22];
data/bash-5.1~rc3/variables.c:820:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char new_level[5], *old_SHLVL;
data/bash-5.1~rc3/variables.c:941:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char namebuf[INT_STRLEN_BOUND(pid_t) + 1], *name;
data/bash-5.1~rc3/variables.c:955:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buff[INT_STRLEN_BOUND(uid_t) + 1], *b;
data/bash-5.1~rc3/variables.c:983:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *s, d[32], b[INT_STRLEN_BOUND(int) + 1];
data/bash-5.1~rc3/variables.c:1012:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char val[INT_STRLEN_BOUND(int) + 1], *v;
data/bash-5.1~rc3/variables.c:1492:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[32];
data/bash-5.1~rc3/variables.c:3485:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ibuf[INT_STRLEN_BOUND (intmax_t) + 1], *p;
data/bash-5.1~rc3/variables.c:4727:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (q, BASHFUNC_PREFIX, BASHFUNC_PREFLEN);
data/bash-5.1~rc3/variables.c:4729:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (q, name, name_len);
data/bash-5.1~rc3/variables.c:4731:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (q, BASHFUNC_SUFFIX, BASHFUNC_SUFFLEN);
data/bash-5.1~rc3/variables.c:4737:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (p, name, name_len);
data/bash-5.1~rc3/variables.c:4748:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (q + 1, t, value_len + 1);
data/bash-5.1~rc3/variables.c:4752:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (q + 1, value, value_len + 1);
data/bash-5.1~rc3/variables.c:6173:60: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
eof_encountered_limit = (*temp && all_digits (temp)) ? atoi (temp) : 10;
data/bash-5.1~rc3/variables.c:6193:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
s = atoi (tt);
data/bash-5.1~rc3/variables.c:6212:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
sh_opterr = (tt && *tt) ? atoi (tt) : 1;
data/bash-5.1~rc3/variables.c:6260:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *t, tbuf[INT_STRLEN_BOUND(int) + 1];
data/bash-5.1~rc3/variables.c:6459:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
s = (tt && *tt) ? atoi (tt) : 0;
data/bash-5.1~rc3/version.c:62:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char tt[32] = { '\0' };
data/bash-5.1~rc3/y.tab.c:3698:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((char *)&bash_input.location.string, (char *)&location.string, sizeof(location));
data/bash-5.1~rc3/y.tab.c:5838:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
parse_matched_pair (qc, open, close, lenp, flags)
data/bash-5.1~rc3/y.tab.c:5840:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int open, close;
data/bash-5.1~rc3/y.tab.c:5939:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
else if MBTEST(open != close && (tflags & LEX_WASDOL) && open == '{' && ch == open) /* } */
data/bash-5.1~rc3/y.tab.c:5939:85: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
else if MBTEST(open != close && (tflags & LEX_WASDOL) && open == '{' && ch == open) /* } */
data/bash-5.1~rc3/y.tab.c:5941:61: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
else if MBTEST(((flags & P_FIRSTCLOSE) == 0) && ch == open) /* nested begin */
data/bash-5.1~rc3/y.tab.c:6002:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (open != close) /* a grouping construct */
data/bash-5.1~rc3/y.tab.c:6081:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
else if MBTEST(open != '`' && (tflags & LEX_WASDOL) && (ch == '(' || ch == '{' || ch == '[')) /* ) } ] */
data/bash-5.1~rc3/y.tab.c:6196:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
parse_comsub (qc, open, close, lenp, flags)
data/bash-5.1~rc3/y.tab.c:6198:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
int open, close;
data/bash-5.1~rc3/y.tab.c:6211:37: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
return (parse_matched_pair (qc, open, close, lenp, 0));
data/bash-5.1~rc3/y.tab.c:6644:91: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
else if MBTEST(((flags & P_FIRSTCLOSE) == 0) && (tflags & LEX_INCASE) == 0 && ch == open) /* nested begin */
data/bash-5.1~rc3/y.tab.c:7240:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (atoken, t, i);
data/bash-5.1~rc3/y.tab.c:8091:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *temp, *t_host, octal_string[4];
data/bash-5.1~rc3/y.tab.c:8094:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timebuf[128];
data/bash-5.1~rc3/y.tab.c:8260:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char t_string[PATH_MAX];
data/bash-5.1~rc3/y.tab.c:8981:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (ps->redir_stack, redir_stack, sizeof (redir_stack[0]) * HEREDOC_MAX);
data/bash-5.1~rc3/y.tab.c:9042:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (redir_stack, ps->redir_stack, sizeof (redir_stack[0]) * HEREDOC_MAX);
data/bash-5.1~rc3/alias.c:132:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = value[strlen (value) - 1];
data/bash-5.1~rc3/alias.c:146:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = value[strlen (value) - 1];
data/bash-5.1~rc3/alias.c:487:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen (string) + 1;
data/bash-5.1~rc3/alias.c:517:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen (line);
data/bash-5.1~rc3/alias.c:520:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (line + j, string + start, tl);
data/bash-5.1~rc3/alias.c:543:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (token, string + start, tl);
data/bash-5.1~rc3/alias.c:566:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen = strlen (v);
data/bash-5.1~rc3/alias.c:567:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen (line);
data/bash-5.1~rc3/alias.c:582:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen (line);
data/bash-5.1~rc3/alias.c:587:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (line + llen, string + real_start, tlen);
data/bash-5.1~rc3/array.c:856:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(sep);
data/bash-5.1~rc3/array.c:863:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
reg = strlen(t);
data/bash-5.1~rc3/arrayfunc.c:830:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (string);
data/bash-5.1~rc3/arrayfunc.c:880:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen (w);
data/bash-5.1~rc3/arrayfunc.c:1154:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (t) - 1;
data/bash-5.1~rc3/arrayfunc.c:1192:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (exp, s, len - 1);
data/bash-5.1~rc3/bashhist.c:839:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglen = strlen (line);
data/bash-5.1~rc3/bashhist.c:852:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (trunc, msg, SYSLOG_MAXLEN - hdrlen - seqlen - 7 - 1);
data/bash-5.1~rc3/bashhist.c:890:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((parser_state & PST_HEREDOC) && current_command_line_count > 2 && line[strlen (line) - 1] == '\n')
data/bash-5.1~rc3/bashhist.c:909:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
curlen = strlen (current->line);
data/bash-5.1~rc3/bashhist.c:928:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (line)
data/bash-5.1~rc3/bashhist.c:929:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (chars_to_add));
data/bash-5.1~rc3/bashline.c:413:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
nval = (char *)xmalloc (strlen (rl_completer_word_break_characters) + 1 + on_or_off);
data/bash-5.1~rc3/bashline.c:842:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (name, buffer + start, i - start);
data/bash-5.1~rc3/bashline.c:899:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (text);
data/bash-5.1~rc3/bashline.c:945:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
command = (char *)xmalloc (strlen (edit_command) + 8);
data/bash-5.1~rc3/bashline.c:1981:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hint_len = strlen (hint);
data/bash-5.1~rc3/bashline.c:2009:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hint_len = strlen (hint);
data/bash-5.1~rc3/bashline.c:2349:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (value = filename_text + strlen (filename_text) - 1; value > filename_text; value--)
data/bash-5.1~rc3/bashline.c:2383:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = (char *)xmalloc (1 + start_len + strlen (matches[cmd_index]));
data/bash-5.1~rc3/bashline.c:2388:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (value, orig_start, start_len);
data/bash-5.1~rc3/bashline.c:2439:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = (char *)xmalloc (4 + strlen (varlist[varlist_index]));
data/bash-5.1~rc3/bashline.c:2450:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat (value, "}");
data/bash-5.1~rc3/bashline.c:2488:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (char *)xmalloc (2 + strlen (list[list_index]));
data/bash-5.1~rc3/bashline.c:2521:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snamelen = strlen (sname);
data/bash-5.1~rc3/bashline.c:2576:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
gnamelen = strlen (gname);
data/bash-5.1~rc3/bashline.c:2993:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (nlen = strlen (name), p = fignore.ignores; p->val; p++)
data/bash-5.1~rc3/bashline.c:3102:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
vl = strlen (val);
data/bash-5.1~rc3/bashline.c:3108:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
dl2 = strlen (dh2);
data/bash-5.1~rc3/bashline.c:3111:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
xl = strlen (expdir);
data/bash-5.1~rc3/bashline.c:3404:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (t && unclosed_pair (local_dirname, strlen (local_dirname), "`") == 0)
data/bash-5.1~rc3/bashline.c:3431:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (default_filename_quote_characters);
data/bash-5.1~rc3/bashline.c:3512:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen (temp1);
data/bash-5.1~rc3/bashline.c:3515:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen (temp2);
data/bash-5.1~rc3/bashline.c:3607:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (text);
data/bash-5.1~rc3/bashline.c:3855:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
glen = strlen (ttext);
data/bash-5.1~rc3/bashline.c:4028:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen (text);
data/bash-5.1~rc3/bashline.c:4076:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen (text);
data/bash-5.1~rc3/bashline.c:4201:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen (rtext);
data/bash-5.1~rc3/bracecomp.c:88:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcd = strlen (array[start]);
data/bash-5.1~rc3/bracecomp.c:127:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (x, array[start] + gcd_zero, tlen);
data/bash-5.1~rc3/bracecomp.c:131:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_size += strlen (subterm) + 1;
data/bash-5.1~rc3/bracecomp.c:135:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat (result, "{");
data/bash-5.1~rc3/bracecomp.c:137:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
subterm[strlen (subterm) - 1] = '}';
data/bash-5.1~rc3/bracecomp.c:140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_size += strlen (subterm) + 1;
data/bash-5.1~rc3/bracecomp.c:143:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat (result, ",");
data/bash-5.1~rc3/bracecomp.c:148:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
result[strlen (result) - 1] = flag ? '}' : '\0';
data/bash-5.1~rc3/braces.c:117:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen (text);
data/bash-5.1~rc3/braces.c:154:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (preamble, text, i);
data/bash-5.1~rc3/braces.c:206:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (amble, &text[start], (i - start));
data/bash-5.1~rc3/braces.c:309:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy (tem, &text[start], (i - start));
data/bash-5.1~rc3/braces.c:766:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen_1 = strlen (arr1[i]);
data/bash-5.1~rc3/braces.c:770:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
result[len] = (char *)xmalloc (1 + strlen_1 + strlen (arr2[j]));
data/bash-5.1~rc3/braces.c:824:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (example))
data/bash-5.1~rc3/braces.c:825:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
example[strlen (example) - 1] = '\0';
data/bash-5.1~rc3/builtins/common.c:671:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
wl = strlen (name);
data/bash-5.1~rc3/builtins/common.c:683:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl = strlen (p->command);
data/bash-5.1~rc3/builtins/evalfile.c:161:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
nr = read (fd, string, file_size);
data/bash-5.1~rc3/builtins/evalfile.c:192:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (string);
data/bash-5.1~rc3/builtins/gen-helpfiles.c:168:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdlen = strlen ("helpfiles/");
data/bash-5.1~rc3/builtins/gen-helpfiles.c:174:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
helpfile = (char *)malloc (hdlen + strlen (fname) + 1);
data/bash-5.1~rc3/builtins/mkbuiltins.c:68:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define savestring(x) strcpy (xmalloc (1 + strlen (x)), (x))
data/bash-5.1~rc3/builtins/mkbuiltins.c:247:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
error_directory = xmalloc (2 + strlen (argv[arg_index]));
data/bash-5.1~rc3/builtins/mkbuiltins.c:249:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (error_directory); data/bash-5.1~rc3/builtins/mkbuiltins.c:252:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (error_directory, "/"); data/bash-5.1~rc3/builtins/mkbuiltins.c:526:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nr = read (fd, buffer, file_size)) < 0) data/bash-5.1~rc3/builtins/mkbuiltins.c:581:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (directive, line + 1, j - 1); data/bash-5.1~rc3/builtins/mkbuiltins.c:719:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (string) - 1; data/bash-5.1~rc3/builtins/mkbuiltins.c:1335:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen (helpfile_directory) + strlen (dname) + 1; data/bash-5.1~rc3/builtins/mkbuiltins.c:1335:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen (helpfile_directory) + strlen (dname) + 1; data/bash-5.1~rc3/builtins/mkbuiltins.c:1582:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
hdlen = strlen ("helpfiles/"); data/bash-5.1~rc3/builtins/mkbuiltins.c:1588:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). helpfile = (char *)xmalloc (hdlen + strlen (bname) + 1); data/bash-5.1~rc3/debian/bash.preinst.c:56:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!memcmp(item, "/bin/sh\n", strlen("/bin/sh\n") + 1)) data/bash-5.1~rc3/debian/bash.preinst.c:62:46: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (ch = 0; ch != '\n' && ch != EOF; ch = fgetc(file)) data/bash-5.1~rc3/debian/bash.preinst.c:125:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len == strlen("bash\n") && !memcmp(packagename, "bash\n", len)) data/bash-5.1~rc3/debian/clear_console.c:158:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tty) >= 9 && !strncmp(tty, "/dev/pts/", 9)) data/bash-5.1~rc3/debian/clear_console.c:161:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tty) >= 8 && !strncmp(tty, "/dev/tty", 8) data/bash-5.1~rc3/error.c:373:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
r = result = (char *)xmalloc (strlen (str) * 2 + 1); data/bash-5.1~rc3/eval.c:243:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (1, msg, strlen (msg)); data/bash-5.1~rc3/examples/loadables/basename.c:65:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/examples/loadables/basename.c:100:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sufflen = strlen (suffix); data/bash-5.1~rc3/examples/loadables/basename.c:101:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (fn); data/bash-5.1~rc3/examples/loadables/cat.c:45:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (n = read(fd, buf, sizeof (buf))) { data/bash-5.1~rc3/examples/loadables/cat.c:51:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(2, s, strlen(s)); data/bash-5.1~rc3/examples/loadables/cat.c:78:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(2, argv[i], strlen(argv[i])); data/bash-5.1~rc3/examples/loadables/cat.c:80:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
write(2, s, strlen(s)); data/bash-5.1~rc3/examples/loadables/csv.c:60:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xbuf = xmalloc (strlen (prev) + 1); data/bash-5.1~rc3/examples/loadables/cut.c:159:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen (line); data/bash-5.1~rc3/examples/loadables/cut.c:216:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen (line); data/bash-5.1~rc3/examples/loadables/dirname.c:53:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/examples/loadables/head.c:80:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc (fp)) != EOF) data/bash-5.1~rc3/examples/loadables/ln.c:134:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen (dir); data/bash-5.1~rc3/examples/loadables/ln.c:135:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen (file); data/bash-5.1~rc3/examples/loadables/mkdir.c:108:20: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). 
original_umask = umask (0); data/bash-5.1~rc3/examples/loadables/mkdir.c:109:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/mkdir.c:163:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oumask = umask (0); data/bash-5.1~rc3/examples/loadables/mkdir.c:181:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/mkdir.c:188:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/mkdir.c:196:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/mkdir.c:210:7: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/mkdir.c:215:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/mkfifo.c:105:20: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). original_umask = umask (0); data/bash-5.1~rc3/examples/loadables/mkfifo.c:106:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask (original_umask); data/bash-5.1~rc3/examples/loadables/pathchk.c:373:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (path) > path_max) data/bash-5.1~rc3/examples/loadables/pathchk.c:376:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path, (unsigned long)strlen (path), path_max); data/bash-5.1~rc3/examples/loadables/print.c:183:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ostr = ansicstr (l->word->word, strlen (l->word->word), 0, &sawc, (int *)0); data/bash-5.1~rc3/examples/loadables/rm.c:49:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen (dirname); data/bash-5.1~rc3/examples/loadables/rm.c:57:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char fname[dirlen + 1 + strlen (dp->d_name) + 1]; data/bash-5.1~rc3/examples/loadables/rm.c:69:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fnsize = dirlen + 1 + strlen (dp->d_name) + 1; data/bash-5.1~rc3/examples/loadables/stat.c:263:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (tbuf); data/bash-5.1~rc3/examples/loadables/strftime.c:85:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tbsize = strlen (format) * 4; data/bash-5.1~rc3/examples/loadables/tee.c:126:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nr = read(0, buf, TEE_BUFSIZE)) > 0) data/bash-5.1~rc3/execute_cmd.c:1241:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (format); data/bash-5.1~rc3/execute_cmd.c:2256:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (cp->c_name); data/bash-5.1~rc3/execute_cmd.c:2329:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (cp->c_name); data/bash-5.1~rc3/execute_cmd.c:5783:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read (fd, buf, HASH_BANG_BUFSIZ); \ data/bash-5.1~rc3/execute_cmd.c:5845:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen (interp); data/bash-5.1~rc3/expr.c:379:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen (vname) + sizeof (ibuf) + 3; data/bash-5.1~rc3/findcmd.c:290:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dotexe = (char *)xmalloc (strlen (name) + 5); data/bash-5.1~rc3/findcmd.c:456:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen (name); data/bash-5.1~rc3/findcmd.c:630:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen (name); data/bash-5.1~rc3/general.c:900:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = home ? strlen (home) : 0; data/bash-5.1~rc3/general.c:903:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tdir + 1, name + l, sizeof(tdir) - 2); data/bash-5.1~rc3/general.c:924:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name == 0 || (nlen = strlen (name)) == 0) data/bash-5.1~rc3/general.c:1013:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (string); data/bash-5.1~rc3/general.c:1185:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ret, s, l); data/bash-5.1~rc3/general.h:69:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
# define savestring(x) (char *)strcpy (xmalloc (1 + strlen (x)), (x)) data/bash-5.1~rc3/general.h:171:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRLEN(s) (((s) && (s)[0]) ? ((s)[1] ? ((s)[2] ? strlen(s) : 2) : 1) : 0) data/bash-5.1~rc3/hashcmd.c:152:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dotted_filename = (char *)xmalloc (3 + strlen (tail)); data/bash-5.1~rc3/include/posixdir.h:31:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define D_NAMLEN(d) (strlen ((d)->d_name)) data/bash-5.1~rc3/input.c:87:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). local_bufused = read (fileno (stream), localbuf, sizeof(localbuf)); data/bash-5.1~rc3/jobs.c:1905:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (temp, _("Done"), sizeof (retcode_name_buffer) - 1); data/bash-5.1~rc3/jobs.c:5105:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read (pp[0], &ch, 1) == -1 && errno == EINTR) data/bash-5.1~rc3/lib/glob/glob.c:202:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). se = pp + strlen (pp) - 1; /* end of string */ data/bash-5.1~rc3/lib/glob/glob.c:329:13: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
se = pp + wcslen (pp) - 1; /*(*/ data/bash-5.1~rc3/lib/glob/glob.c:471:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (pathname); data/bash-5.1~rc3/lib/glob/glob.c:691:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patlen = (pat && *pat) ? strlen (pat) : 0; data/bash-5.1~rc3/lib/glob/glob.c:707:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen (dir); data/bash-5.1~rc3/lib/glob/glob.c:859:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sdlen = strlen (subdir); data/bash-5.1~rc3/lib/glob/glob.c:919:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sdlen = strlen (dir); data/bash-5.1~rc3/lib/glob/glob.c:1017:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (dir); data/bash-5.1~rc3/lib/glob/glob.c:1025:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (array[i]); data/bash-5.1~rc3/lib/glob/glob.c:1050:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result[i] = (char *) malloc (l + strlen (array[i]) + 3); data/bash-5.1~rc3/lib/glob/glob.c:1072:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen (result[i]); data/bash-5.1~rc3/lib/glob/glob.c:1190:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). directory_len = strlen (d); data/bash-5.1~rc3/lib/glob/glob.c:1427:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). directory_len = strlen (directory_name); data/bash-5.1~rc3/lib/glob/gmisc.c:94:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). se = p + strlen (p) - 1; data/bash-5.1~rc3/lib/glob/smatch.c:324:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRLEN(S) strlen(S) data/bash-5.1~rc3/lib/glob/smatch.c:488:26: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mbs = (char *) malloc (wcslen(name) * MB_CUR_MAX + 1); data/bash-5.1~rc3/lib/glob/smatch.c:491:57: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
mbslength = wcsrtombs (mbs, (const wchar_t **)&name, (wcslen(name) * MB_CUR_MAX + 1), &state); data/bash-5.1~rc3/lib/glob/smatch.c:569:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRLEN(S) wcslen(S) data/bash-5.1~rc3/lib/glob/xmbsrtowcs.c:80:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (*src); data/bash-5.1~rc3/lib/intl/bindtextdom.c:163:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (dirname) + 1; data/bash-5.1~rc3/lib/intl/bindtextdom.c:201:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (codeset) + 1; data/bash-5.1~rc3/lib/intl/bindtextdom.c:233:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (domainname) + 1; data/bash-5.1~rc3/lib/intl/bindtextdom.c:261:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (dirname) + 1; data/bash-5.1~rc3/lib/intl/bindtextdom.c:292:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len = strlen (codeset) + 1; data/bash-5.1~rc3/lib/intl/dcigettext.c:492:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msgid_len = strlen (msgid1) + 1; data/bash-5.1~rc3/lib/intl/dcigettext.c:546:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dirname_len = strlen (binding->dirname) + 1; data/bash-5.1~rc3/lib/intl/dcigettext.c:579:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). domainname_len = strlen (domainname); data/bash-5.1~rc3/lib/intl/dcigettext.c:580:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xdomainname = (char *) alloca (strlen (categoryname) data/bash-5.1~rc3/lib/intl/dcigettext.c:589:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). single_locale = (char *) alloca (strlen (categoryvalue) + 1); data/bash-5.1~rc3/lib/intl/dcigettext.c:763:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nls_uint32 len = strlen (msgid); data/bash-5.1~rc3/lib/intl/eval-plural.h:96:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
case equal: data/bash-5.1~rc3/lib/intl/finddomain.c:94:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (dirname) + 1, 0, locale, NULL, NULL, data/bash-5.1~rc3/lib/intl/finddomain.c:130:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (alias_value) + 1; data/bash-5.1~rc3/lib/intl/finddomain.c:149:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (dirname) + 1, mask, language, territory, data/bash-5.1~rc3/lib/intl/l10nflist.c:100:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t part_len = strlen (argz); data/bash-5.1~rc3/lib/intl/l10nflist.c:128:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t part_len = strlen (argz); data/bash-5.1~rc3/lib/intl/l10nflist.c:223:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen (language) data/bash-5.1~rc3/lib/intl/l10nflist.c:225:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen (territory) + 1 : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:227:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? 
strlen (codeset) + 1 : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:229:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen (normalized_codeset) + 1 : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:232:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen (modifier) + 1 : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:234:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen (special) + 1 : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:238:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen (sponsor) : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:240:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen (revision) + 1 : 0)) : 0) data/bash-5.1~rc3/lib/intl/l10nflist.c:241:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + 1 + strlen (filename) + 1); data/bash-5.1~rc3/lib/intl/l10nflist.c:380:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). = _nl_make_l10nflist (l10nfile_list, dir, strlen (dir) + 1, data/bash-5.1~rc3/lib/intl/loadmsgcat.c:464:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
# define read __read data/bash-5.1~rc3/lib/intl/loadmsgcat.c:807:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). charsetstr += strlen ("charset="); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:859:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (outcharset); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:991:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). long int nb = (long int) read (fd, read_ptr, to_read); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:1162:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen (sysdep_segment_values[sysdepref]); data/bash-5.1~rc3/lib/intl/loadmsgcat.c:1230:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (sysdep_segment_values[sysdepref]); data/bash-5.1~rc3/lib/intl/localcharset.c:91:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # undef getc data/bash-5.1~rc3/lib/intl/localcharset.c:92:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define getc getc_unlocked data/bash-5.1~rc3/lib/intl/localcharset.c:126:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t dir_len = strlen (dir); data/bash-5.1~rc3/lib/intl/localcharset.c:127:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t base_len = strlen (base); data/bash-5.1~rc3/lib/intl/localcharset.c:154:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (fp); data/bash-5.1~rc3/lib/intl/localcharset.c:163:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc (fp); data/bash-5.1~rc3/lib/intl/localcharset.c:170:12: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf (fp, "%50s %50s", buf1, buf2) < 2) data/bash-5.1~rc3/lib/intl/localcharset.c:172:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen (buf1); data/bash-5.1~rc3/lib/intl/localcharset.c:173:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen (buf2); data/bash-5.1~rc3/lib/intl/localcharset.c:384:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1) data/bash-5.1~rc3/lib/intl/localcharset.c:384:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
aliases += strlen (aliases) + 1, aliases += strlen (aliases) + 1) data/bash-5.1~rc3/lib/intl/localcharset.c:388:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). codeset = aliases + strlen (aliases) + 1; data/bash-5.1~rc3/lib/intl/localealias.c:313:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alias_len = strlen (alias) + 1; data/bash-5.1~rc3/lib/intl/localealias.c:314:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_len = strlen (value) + 1; data/bash-5.1~rc3/lib/intl/log.c:83:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last_logfilename = (char *) malloc (strlen (logfilename) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:61:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen (root); data/bash-5.1~rc3/lib/intl/os2compat.c:62:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _nlos2_libdir = (char *) malloc (sl + strlen (LIBDIR) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:64:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy (_nlos2_libdir + sl, LIBDIR, strlen (LIBDIR) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:75:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen (root); data/bash-5.1~rc3/lib/intl/os2compat.c:76:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _nlos2_localealiaspath = (char *) malloc (sl + strlen (LOCALE_ALIAS_PATH) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:78:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy (_nlos2_localealiaspath + sl, LOCALE_ALIAS_PATH, strlen (LOCALE_ALIAS_PATH) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:89:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sl = strlen (root); data/bash-5.1~rc3/lib/intl/os2compat.c:90:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _nlos2_localedir = (char *) malloc (sl + strlen (LOCALEDIR) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:92:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy (_nlos2_localedir + sl, LOCALEDIR, strlen (LOCALEDIR) + 1); data/bash-5.1~rc3/lib/intl/os2compat.c:98:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (_nlos2_localedir) <= MAXPATHLEN) data/bash-5.1~rc3/lib/intl/plural-exp.h:64:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal, /* Comparison for equality. */ data/bash-5.1~rc3/lib/intl/plural.c:763:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/bash-5.1~rc3/lib/intl/plural.c:1573:15: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. lval->op = equal; data/bash-5.1~rc3/lib/intl/relocatable.c:113:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). orig_prefix_len = strlen (orig_prefix_arg); data/bash-5.1~rc3/lib/intl/relocatable.c:114:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curr_prefix_len = strlen (curr_prefix_arg); data/bash-5.1~rc3/lib/intl/relocatable.c:178:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp (orig_installprefix, orig_installdir, strlen (orig_installprefix)) data/bash-5.1~rc3/lib/intl/relocatable.c:182:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rel_installdir = orig_installdir + strlen (orig_installprefix); data/bash-5.1~rc3/lib/intl/relocatable.c:187:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *p = curr_pathname + strlen (curr_pathname); data/bash-5.1~rc3/lib/intl/relocatable.c:210:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *rp = rel_installdir + strlen (rel_installdir); data/bash-5.1~rc3/lib/intl/relocatable.c:211:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *cp = curr_installdir + strlen (curr_installdir); data/bash-5.1~rc3/lib/intl/relocatable.c:326:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (c = getc (fp), c != EOF && c != '\n' && c != '/') data/bash-5.1~rc3/lib/intl/relocatable.c:345:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (c = getc (fp), c != EOF && c != '\n') data/bash-5.1~rc3/lib/intl/relocatable.c:424:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(char *) xmalloc (curr_prefix_len + strlen (pathname_tail) + 1); data/bash-5.1~rc3/lib/intl/textdomain.c:115:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (domainname) + 1; data/bash-5.1~rc3/lib/malloc/malloc.c:1451:1: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. memalign (alignment, size) data/bash-5.1~rc3/lib/malloc/stats.c:193:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (pidbuf) + strlen (fn) + 2) >= sizeof (fname)) data/bash-5.1~rc3/lib/malloc/stats.c:193:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (pidbuf) + strlen (fn) + 2) >= sizeof (fname)) data/bash-5.1~rc3/lib/readline/bind.c:327:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keys = (char *)xmalloc (1 + (2 * strlen (keyseq))); data/bash-5.1~rc3/lib/readline/bind.c:362:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
macro_keys = (char *)xmalloc ((2 * strlen (macro)) + 1); data/bash-5.1~rc3/lib/readline/bind.c:397:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keys = (char *)xmalloc (1 + (2 * strlen (keyseq))); data/bash-5.1~rc3/lib/readline/bind.c:740:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = ret = (char *)xmalloc (7 * strlen (seq) + 1); data/bash-5.1~rc3/lib/readline/bind.c:874:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return _rl_function_of_keyseq_internal (keyseq, strlen (keyseq), map, type); data/bash-5.1~rc3/lib/readline/bind.c:925:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = read (file, buffer, file_size); data/bash-5.1~rc3/lib/readline/bind.c:1191:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen (args); data/bash-5.1~rc3/lib/readline/bind.c:1329:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen (vname); data/bash-5.1~rc3/lib/readline/bind.c:1623:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e = value + strlen (value) - 1; data/bash-5.1~rc3/lib/readline/bind.c:1695:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
seq = (char *)xmalloc (1 + strlen (string)); data/bash-5.1~rc3/lib/readline/bind.c:1719:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen (funname); data/bash-5.1~rc3/lib/readline/bind.c:1767:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fl = strlen (funname); data/bash-5.1~rc3/lib/readline/bind.c:2179:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rl_isearch_terminators = (char *)xmalloc (2 * strlen (v) + 1); data/bash-5.1~rc3/lib/readline/bind.c:2195:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rl_emacs_mode_str = (char *)xmalloc (2 * strlen (value) + 1); data/bash-5.1~rc3/lib/readline/bind.c:2223:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rl_vi_ins_mode_str = (char *)xmalloc (2 * strlen (value) + 1); data/bash-5.1~rc3/lib/readline/bind.c:2251:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rl_vi_cmd_mode_str = (char *)xmalloc (2 * strlen (value) + 1); data/bash-5.1~rc3/lib/readline/bind.c:2619:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *keyname = (char *)xmalloc (6 + strlen (seqs[i])); data/bash-5.1~rc3/lib/readline/bind.c:2792:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_len = prefix ? strlen (prefix) : 0; data/bash-5.1~rc3/lib/readline/bind.c:2807:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *)xmalloc (strlen (keyname) + prefix_len + 1); data/bash-5.1~rc3/lib/readline/bind.c:2888:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (numbuf, ret, sizeof (numbuf) - 1); data/bash-5.1~rc3/lib/readline/colors.c:258:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (name); data/bash-5.1~rc3/lib/readline/complete.c:762:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). left = strlen (string) + 1; data/bash-5.1~rc3/lib/readline/complete.c:817:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). print_len = strlen (to_print); data/bash-5.1~rc3/lib/readline/complete.c:821:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). print_len = strlen (to_print); data/bash-5.1~rc3/lib/readline/complete.c:982:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen = strlen (s); data/bash-5.1~rc3/lib/readline/complete.c:983:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (to_print); data/bash-5.1~rc3/lib/readline/complete.c:1054:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = (char *)xmalloc (strlen (s) + 2); data/bash-5.1~rc3/lib/readline/complete.c:1356:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v1 = mbrtowc(&wc1, match_list[i]+si, strlen (match_list[i]+si), &ps1); data/bash-5.1~rc3/lib/readline/complete.c:1357:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v2 = mbrtowc (&wc2, match_list[i+1]+si, strlen (match_list[i+1]+si), &ps2); data/bash-5.1~rc3/lib/readline/complete.c:1389:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). match_list[0] = (char *)xmalloc (strlen (text) + 1); data/bash-5.1~rc3/lib/readline/complete.c:1426:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). si = strlen (text); data/bash-5.1~rc3/lib/readline/complete.c:1435:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (match_list[0], match_list[i], low); data/bash-5.1~rc3/lib/readline/complete.c:1440:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (match_list[0], match_list[1], low); data/bash-5.1~rc3/lib/readline/complete.c:1445:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (match_list[0], match_list[1], low); data/bash-5.1~rc3/lib/readline/complete.c:1544:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sind = temp ? strlen (temp) : strlen (t); data/bash-5.1~rc3/lib/readline/complete.c:1544:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sind = temp ? strlen (temp) : strlen (t); data/bash-5.1~rc3/lib/readline/complete.c:1808:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen (replacement); data/bash-5.1~rc3/lib/readline/complete.c:1832:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rl_point = start + strlen (r); data/bash-5.1~rc3/lib/readline/complete.c:2036:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (text); data/bash-5.1~rc3/lib/readline/complete.c:2085:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = *matches[0] ? strlen (matches[0]) : 0; data/bash-5.1~rc3/lib/readline/complete.c:2282:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namelen = strlen (username); data/bash-5.1~rc3/lib/readline/complete.c:2306:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = (char *)xmalloc (2 + strlen (entry->pw_name)); data/bash-5.1~rc3/lib/readline/complete.c:2563:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen (filename); data/bash-5.1~rc3/lib/readline/complete.c:2585:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). convlen = (convfn == dentry) ? dentlen : strlen (convfn); data/bash-5.1~rc3/lib/readline/complete.c:2639:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen (dirname); data/bash-5.1~rc3/lib/readline/complete.c:2652:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen (users_dirname); data/bash-5.1~rc3/lib/readline/complete.c:2909:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). orig_end = orig_start + strlen (matches[0]); data/bash-5.1~rc3/lib/readline/display.c:367:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen (pmt); data/bash-5.1~rc3/lib/readline/display.c:387:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (nprompt); data/bash-5.1~rc3/lib/readline/display.c:408:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (nprompt); /* XXX */ data/bash-5.1~rc3/lib/readline/display.c:590:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local_prompt_len = local_prompt ? strlen (local_prompt) : 0; data/bash-5.1~rc3/lib/readline/display.c:612:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local_prompt_len = local_prompt ? strlen (local_prompt) : 0; data/bash-5.1~rc3/lib/readline/display.c:832:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _rl_output_some_chars (local_prompt_prefix, strlen (local_prompt_prefix)); data/bash-5.1~rc3/lib/readline/display.c:859:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prompt_physical_chars = pmtlen = strlen (prompt_this_line); /* XXX */ data/bash-5.1~rc3/lib/readline/display.c:1367:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((linenum == _rl_vis_botlin) ? 
strlen (tt) : _rl_screenwidth); data/bash-5.1~rc3/lib/readline/display.c:1800:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (old+newbytes, old+oldbytes, strlen (old+oldbytes) + 1); data/bash-5.1~rc3/lib/readline/display.c:1801:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (old_face+newbytes, old_face+oldbytes, strlen (old+oldbytes) + 1); data/bash-5.1~rc3/lib/readline/display.c:2595:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prompt_size = strlen (rl_prompt) + 1; data/bash-5.1~rc3/lib/readline/display.c:2609:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (prompt_last_line); data/bash-5.1~rc3/lib/readline/display.c:2987:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local_prompt_len = local_prompt ? strlen (local_prompt) : 0; data/bash-5.1~rc3/lib/readline/display.c:3020:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local_prompt_len = local_prompt ? strlen (local_prompt) : 0; data/bash-5.1~rc3/lib/readline/display.c:3116:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (rl_prompt && *rl_prompt) ? 
strlen (rl_prompt) : 0; data/bash-5.1~rc3/lib/readline/display.c:3126:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (p); data/bash-5.1~rc3/lib/readline/display.c:3340:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). local_prompt_len = local_prompt ? strlen (local_prompt) : 0; data/bash-5.1~rc3/lib/readline/examples/fileman.c:123:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = xmalloc (strlen (s) + 1); data/bash-5.1~rc3/lib/readline/examples/fileman.c:231:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen (s) - 1; data/bash-5.1~rc3/lib/readline/examples/fileman.c:301:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/bash-5.1~rc3/lib/readline/examples/histexamp.c:50:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (t); data/bash-5.1~rc3/lib/readline/examples/histexamp.c:76:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (line, expansion, sizeof (line) - 1); data/bash-5.1~rc3/lib/readline/examples/rlcat.c:135:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((c = getc(fp)) != EOF) data/bash-5.1~rc3/lib/readline/histexpand.c:247:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (temp, string + local_index, which); data/bash-5.1~rc3/lib/readline/histexpand.c:415:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (temp, s + start, ll); data/bash-5.1~rc3/lib/readline/histexpand.c:686:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i + 2 < (int)strlen (string)) data/bash-5.1~rc3/lib/readline/histexpand.c:719:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subst_lhs_len = strlen (subst_lhs); data/bash-5.1~rc3/lib/readline/histexpand.c:748:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l_temp = strlen (temp); data/bash-5.1~rc3/lib/readline/histexpand.c:789:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new_event, temp, si); data/bash-5.1~rc3/lib/readline/histexpand.c:790:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (new_event + si, subst_rhs, subst_rhs_len); data/bash-5.1~rc3/lib/readline/histexpand.c:791:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (new_event + si + subst_rhs_len, data/bash-5.1~rc3/lib/readline/histexpand.c:806:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l_temp = strlen (temp); data/bash-5.1~rc3/lib/readline/histexpand.c:813:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l_temp = strlen (temp); data/bash-5.1~rc3/lib/readline/histexpand.c:857:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (temp); data/bash-5.1~rc3/lib/readline/histexpand.c:884:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen (s); \ data/bash-5.1~rc3/lib/readline/histexpand.c:941:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (hstring); data/bash-5.1~rc3/lib/readline/histexpand.c:1125:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (mb) > 1) data/bash-5.1~rc3/lib/readline/histexpand.c:1174:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (temp, string + quote, slen); data/bash-5.1~rc3/lib/readline/histexpand.c:1227:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
temp = (char *)xmalloc (1 + strlen (result)); data/bash-5.1~rc3/lib/readline/histexpand.c:1429:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen (list[i]) + 1; data/bash-5.1~rc3/lib/readline/histexpand.c:1436:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset += strlen (list[i]); data/bash-5.1~rc3/lib/readline/histexpand.c:1594:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (result, string + start, len); data/bash-5.1~rc3/lib/readline/histfile.c:174:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). home_len = strlen (home); data/bash-5.1~rc3/lib/readline/histfile.c:208:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fn); data/bash-5.1~rc3/lib/readline/histfile.c:237:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (fn); data/bash-5.1~rc3/lib/readline/histfile.c:338:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). chars_read = read (file, buffer, file_size); data/bash-5.1~rc3/lib/readline/histfile.c:583:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
chars_read = read (file, buffer, file_size); data/bash-5.1~rc3/lib/readline/histfile.c:732:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_size += strlen (the_history[i]->timestamp) + 1; data/bash-5.1~rc3/lib/readline/histfile.c:733:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_size += strlen (the_history[i]->line) + 1; data/bash-5.1~rc3/lib/readline/histfile.c:771:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j += strlen (the_history[i]->timestamp); data/bash-5.1~rc3/lib/readline/histfile.c:775:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j += strlen (the_history[i]->line); data/bash-5.1~rc3/lib/readline/histlib.h:38:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define savestring(x) strcpy (xmalloc (1 + strlen (x)), (x)) data/bash-5.1~rc3/lib/readline/history.c:410:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curlen = strlen (hent->line); data/bash-5.1~rc3/lib/readline/history.c:411:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
minlen = curlen + strlen (line) + 2; /* min space needed */ data/bash-5.1~rc3/lib/readline/history.h:53:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define HISTENT_BYTES(hs) (strlen ((hs)->line) + strlen ((hs)->timestamp)) data/bash-5.1~rc3/lib/readline/history.h:53:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define HISTENT_BYTES(hs) (strlen ((hs)->line) + strlen ((hs)->timestamp)) data/bash-5.1~rc3/lib/readline/histsearch.c:97:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (string); data/bash-5.1~rc3/lib/readline/histsearch.c:107:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_index = strlen (line); data/bash-5.1~rc3/lib/readline/histsearch.c:208:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (string); data/bash-5.1~rc3/lib/readline/input.c:253:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). chars_avail = read (tty, &input, 1); data/bash-5.1~rc3/lib/readline/input.c:556:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read (fileno (stream), &c, sizeof (unsigned char)); data/bash-5.1~rc3/lib/readline/isearch.c:158:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
searchlen = (search_string && *search_string) ? strlen (search_string) : 0; data/bash-5.1~rc3/lib/readline/isearch.c:167:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msglen = strlen (message); data/bash-5.1~rc3/lib/readline/isearch.c:235:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cxt->allocated_line = (char *)xmalloc (1 + strlen (rl_line_buffer)); data/bash-5.1~rc3/lib/readline/isearch.c:255:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cxt->sline_len = strlen (cxt->sline); data/bash-5.1~rc3/lib/readline/isearch.c:293:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cxt->sline_index = strlen (rl_line_buffer); data/bash-5.1~rc3/lib/readline/isearch.c:775:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cxt->sline_len = strlen (cxt->sline); data/bash-5.1~rc3/lib/readline/kill.c:134:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new = (char *)xmalloc (1 + strlen (old) + strlen (text)); data/bash-5.1~rc3/lib/readline/kill.c:134:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
new = (char *)xmalloc (1 + strlen (old) + strlen (text)); data/bash-5.1~rc3/lib/readline/kill.c:515:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (rl_kill_ring[rl_kill_index]); data/bash-5.1~rc3/lib/readline/kill.c:547:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (rl_kill_ring[rl_kill_index]); data/bash-5.1~rc3/lib/readline/kill.c:854:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ptr, data, len); data/bash-5.1~rc3/lib/readline/mbutil.c:180:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (string + point); data/bash-5.1~rc3/lib/readline/mbutil.c:219:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = mbrtowc (&wc, string + point, strlen (string + point), &ps); data/bash-5.1~rc3/lib/readline/mbutil.c:223:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = mbrtowc (&wc, string + point, strlen (string + point), &ps); data/bash-5.1~rc3/lib/readline/mbutil.c:302:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
length = strlen(string); data/bash-5.1~rc3/lib/readline/mbutil.c:365:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = (size_t)strlen (src); data/bash-5.1~rc3/lib/readline/mbutil.c:427:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(string); data/bash-5.1~rc3/lib/readline/mbutil.c:485:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (buf); data/bash-5.1~rc3/lib/readline/mbutil.c:489:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (buf+ind); data/bash-5.1~rc3/lib/readline/nls.c:259:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *lenp = strlen (language); data/bash-5.1~rc3/lib/readline/nls.c:284:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *lenp = strlen (language); data/bash-5.1~rc3/lib/readline/posixdir.h:31:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define D_NAMLEN(d) (strlen ((d)->d_name)) data/bash-5.1~rc3/lib/readline/readline.c:1202:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
t += strlen (t) + 1; data/bash-5.1~rc3/lib/readline/readline.c:1208:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t += strlen (t) + 1; data/bash-5.1~rc3/lib/readline/rldefs.h:119:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define savestring(x) strcpy ((char *)xmalloc (1 + strlen (x)), (x)) data/bash-5.1~rc3/lib/readline/rldefs.h:152:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define RL_STRLEN(s) (((s) && (s)[0]) ? ((s)[1] ? ((s)[2] ? strlen(s) : 2) : 1) : 0) data/bash-5.1~rc3/lib/readline/savestring.c:37:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)xmalloc (strlen (s) + 1); data/bash-5.1~rc3/lib/readline/search.c:198:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rl_mark = ind + strlen (string); data/bash-5.1~rc3/lib/readline/search.c:618:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (history_search_string + sind, rl_line_buffer, rl_point); data/bash-5.1~rc3/lib/readline/shell.c:100:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result = (char *)xmalloc (3 + (4 * strlen (string))); data/bash-5.1~rc3/lib/readline/text.c:90:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = (string && *string) ? strlen (string) : 0; data/bash-5.1~rc3/lib/readline/text.c:99:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rl_line_buffer + rl_point, string, l); data/bash-5.1~rc3/lib/readline/text.c:215:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (text); data/bash-5.1~rc3/lib/readline/text.c:812:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (string + i, incoming, incoming_length); data/bash-5.1~rc3/lib/readline/text.c:846:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (string + i, incoming, incoming_length); data/bash-5.1~rc3/lib/readline/text.c:1349:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rl_comment_len = strlen (rl_comment_text); data/bash-5.1~rc3/lib/readline/text.c:1484:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (mb, rl_line_buffer + start, mlen = m); data/bash-5.1~rc3/lib/readline/tilde.c:68:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define savestring(x) strcpy ((char *)xmalloc (1 + strlen (x)), (x)) data/bash-5.1~rc3/lib/readline/tilde.c:135:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (string); data/bash-5.1~rc3/lib/readline/tilde.c:147:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (string + i, prefixes[j], strlen (prefixes[j])) == 0) data/bash-5.1~rc3/lib/readline/tilde.c:149:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen (prefixes[j]) - 1; data/bash-5.1~rc3/lib/readline/tilde.c:167:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (string); data/bash-5.1~rc3/lib/readline/tilde.c:180:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (string + i, suffixes[j], strlen (suffixes[j])) == 0) data/bash-5.1~rc3/lib/readline/tilde.c:196:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *)xmalloc (result_size = (strlen (string) + 16)); data/bash-5.1~rc3/lib/readline/tilde.c:198:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result = (char *)xmalloc (result_size = (strlen (string) + 1)); data/bash-5.1~rc3/lib/readline/tilde.c:214:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (result + result_index, string, start); data/bash-5.1~rc3/lib/readline/tilde.c:230:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tilde_word, string, end); data/bash-5.1~rc3/lib/readline/tilde.c:241:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (expansion); data/bash-5.1~rc3/lib/readline/tilde.c:271:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)xmalloc (strlen (fname)); data/bash-5.1~rc3/lib/readline/tilde.c:305:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (r, fname, x); data/bash-5.1~rc3/lib/readline/tilde.c:323:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = (prefix && *prefix) ? strlen (prefix) : 0; data/bash-5.1~rc3/lib/readline/tilde.c:324:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (suffix + suffind); data/bash-5.1~rc3/lib/readline/util.c:157:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (copy, rl_line_buffer + from, length); data/bash-5.1~rc3/lib/readline/util.c:219:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (temp, rl_line_buffer + start, len); data/bash-5.1~rc3/lib/readline/util.c:325:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, l = strlen (s2), len = strlen (s1); (len - i) >= l; i++) data/bash-5.1~rc3/lib/readline/util.c:325:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, l = strlen (s2), len = strlen (s1); (len - i) >= l; i++) data/bash-5.1~rc3/lib/readline/util.c:462:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strcpy ((char *)xmalloc (1 + (int)strlen (s)), (s))); data/bash-5.1~rc3/lib/readline/util.c:555:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen (string) + 1; data/bash-5.1~rc3/lib/readline/vi_mode.c:223:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nchars = strlen (vi_insert_buffer); data/bash-5.1~rc3/lib/readline/vi_mode.c:821:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (vi_insert_buffer, rl_line_buffer + start, len - 1); data/bash-5.1~rc3/lib/readline/vi_mode.c:2041:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (_rl_vi_last_replacement, mb, MB_LEN_MAX); data/bash-5.1~rc3/lib/readline/vi_mode.c:2065:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (mb, _rl_vi_last_replacement, MB_LEN_MAX); data/bash-5.1~rc3/lib/readline/vi_mode.c:2082:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (_rl_vi_last_replacement, mb, MB_LEN_MAX); data/bash-5.1~rc3/lib/sh/casemod.c:89:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (s); data/bash-5.1~rc3/lib/sh/casemod.c:133:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = strlen (string); data/bash-5.1~rc3/lib/sh/casemod.c:262:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ret + retind, mb, mlen); data/bash-5.1~rc3/lib/sh/eaccess.c:113:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pbuf = xrealloc (pbuf, sizeof (DEV_FD_PREFIX) + strlen (path + 8)); data/bash-5.1~rc3/lib/sh/fmtulong.c:102:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. 
strncpy (buf, _("invalid base"), len - 1); data/bash-5.1~rc3/lib/sh/getenv.c:81:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, len = strlen (name); environ[i]; i++) data/bash-5.1~rc3/lib/sh/mailstat.c:73:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) > sizeof(dir) - 5) data/bash-5.1~rc3/lib/sh/mailstat.c:128:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(file); data/bash-5.1~rc3/lib/sh/mailstat.c:133:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fn->d_name[0] == '.' || strlen(fn->d_name) + l >= sizeof(file)) data/bash-5.1~rc3/lib/sh/makepath.c:91:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen = strlen (xpath); data/bash-5.1~rc3/lib/sh/makepath.c:105:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen = strlen (xpath); data/bash-5.1~rc3/lib/sh/makepath.c:109:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirlen = strlen (xdir); data/bash-5.1~rc3/lib/sh/mbscasecmp.c:61:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len1 = strlen (mbs1); data/bash-5.1~rc3/lib/sh/mbscasecmp.c:62:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (mbs2); data/bash-5.1~rc3/lib/sh/mbschr.c:66:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlength = strlen (s); data/bash-5.1~rc3/lib/sh/mbscmp.c:62:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen (mbs1); data/bash-5.1~rc3/lib/sh/mbscmp.c:63:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (mbs2); data/bash-5.1~rc3/lib/sh/netopen.c:299:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). np = (char *)xmalloc (strlen (path) + 1); data/bash-5.1~rc3/lib/sh/oslib.c:152:11: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. return (ulimit (4, 0L)); /* System V.3 systems use ulimit(4, 0L) */ data/bash-5.1~rc3/lib/sh/oslib.c:208:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen (ut.nodename) + 1; data/bash-5.1~rc3/lib/sh/oslib.c:209:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (name, ut.nodename, i < namelen ? 
i : namelen); data/bash-5.1~rc3/lib/sh/oslib.c:219:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy (name, "unknown", namelen); data/bash-5.1~rc3/lib/sh/pathcanon.c:230:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (result, result + 1, strlen (result + 1) + 1); data/bash-5.1~rc3/lib/sh/pathphys.c:83:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). linklen = strlen (path); data/bash-5.1~rc3/lib/sh/pathphys.c:193:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen (p) + linklen + 2) >= PATH_MAX) data/bash-5.1~rc3/lib/sh/pathphys.c:248:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (result, result + 1, strlen (result + 1) + 1); data/bash-5.1~rc3/lib/sh/pathphys.c:286:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (resolved, wd, PATH_MAX - 1); data/bash-5.1~rc3/lib/sh/random.c:216:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (urandfd >= 0 && (r = read (urandfd, buf, len)) == len) data/bash-5.1~rc3/lib/sh/shmatch.c:89:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
subexp_len = strlen (string) + 10; data/bash-5.1~rc3/lib/sh/shmatch.c:104:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (subexp_str, string + matches[subexp_ind].rm_so, data/bash-5.1~rc3/lib/sh/shquote.c:102:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *)xmalloc (3 + (4 * strlen (string))); data/bash-5.1~rc3/lib/sh/shquote.c:145:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/lib/sh/shquote.c:149:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *)xmalloc (3 + (2 * strlen (string))); data/bash-5.1~rc3/lib/sh/shquote.c:229:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = result = (char *)xmalloc (strlen (string) + 1); data/bash-5.1~rc3/lib/sh/shquote.c:272:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/lib/sh/shquote.c:327:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/lib/sh/snprintf.c:732:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p->width -= strlen(tmp) + (base == 10 && d > 0 && (p->flags & PF_PLUS)); data/bash-5.1~rc3/lib/sh/snprintf.c:737:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->precision -= strlen(tmp); data/bash-5.1~rc3/lib/sh/snprintf.c:807:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->width -= strlen(tmp) + (base == 10 && d > 0 && (p->flags & PF_PLUS)); data/bash-5.1~rc3/lib/sh/snprintf.c:812:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->precision -= strlen(tmp); data/bash-5.1~rc3/lib/sh/snprintf.c:854:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p->width -= strlen(tmp); data/bash-5.1~rc3/lib/sh/snprintf.c:878:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/bash-5.1~rc3/lib/sh/snprintf.c:1011:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(tmp2) - 1; i >= 0 && tmp2[i] == '0'; i--) data/bash-5.1~rc3/lib/sh/snprintf.c:1026:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(tmp) - p->precision - data/bash-5.1~rc3/lib/sh/snprintf.c:1121:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(tmp2) - 1; i >= 0 && tmp2[i] == '0'; i--) data/bash-5.1~rc3/lib/sh/snprintf.c:1177:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (s); data/bash-5.1~rc3/lib/sh/snprintf.c:1214:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (ret, re, strlen (re) + 1); data/bash-5.1~rc3/lib/sh/snprintf.c:1654:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fmtbuf, fs, fl); data/bash-5.1~rc3/lib/sh/snprintf.c:1685:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (fmtbuf, fs, fl); data/bash-5.1~rc3/lib/sh/spell.c:197:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = (strlen (dirname) * 3 + 1) / 2 + 1; data/bash-5.1~rc3/lib/sh/strcasestr.c:40:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s1); data/bash-5.1~rc3/lib/sh/strcasestr.c:41:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen (s2); data/bash-5.1~rc3/lib/sh/strdup.c:36:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (s) + 1; data/bash-5.1~rc3/lib/sh/strftime.c:231:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strchr(format, '%') == NULL && strlen(format) + 1 >= maxsize) data/bash-5.1~rc3/lib/sh/strftime.c:247:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tzlen = strlen(tz); data/bash-5.1~rc3/lib/sh/strftime.c:260:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(tz) + 1; data/bash-5.1~rc3/lib/sh/strftime.c:325:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tbuf, "?"); data/bash-5.1~rc3/lib/sh/strftime.c:332:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tbuf, "?"); data/bash-5.1~rc3/lib/sh/strftime.c:340:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(tbuf, "?"); data/bash-5.1~rc3/lib/sh/strftime.c:347:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tbuf, "?"); data/bash-5.1~rc3/lib/sh/strftime.c:714:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(tbuf); data/bash-5.1~rc3/lib/sh/strtrans.c:246:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (str); data/bash-5.1~rc3/lib/sh/tmpfile.c:101:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tdir && (file_iswdir (tdir) == 0 || strlen (tdir) > PATH_MAX)) data/bash-5.1~rc3/lib/sh/tmpfile.c:146:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tdlen = strlen (tdir); data/bash-5.1~rc3/lib/sh/tmpfile.c:152:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((flags & MT_TEMPLATE) && strlen (nameroot) > PATH_MAX) data/bash-5.1~rc3/lib/sh/tmpfile.c:200:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tdlen = strlen (tdir); data/bash-5.1~rc3/lib/sh/tmpfile.c:206:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((flags & MT_TEMPLATE) && strlen (nameroot) > PATH_MAX) data/bash-5.1~rc3/lib/sh/tmpfile.c:276:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tdlen = strlen (tdir); data/bash-5.1~rc3/lib/sh/tmpfile.c:282:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((flags & MT_TEMPLATE) && strlen (nameroot) > PATH_MAX) data/bash-5.1~rc3/lib/sh/unicode.c:83:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (charsetbuf, s+1, sizeof (charsetbuf) - 1); data/bash-5.1~rc3/lib/sh/unicode.c:90:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (charsetbuf, locale, sizeof (charsetbuf) - 1); data/bash-5.1~rc3/lib/sh/wcsdup.c:37:9: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = wcslen (ws); data/bash-5.1~rc3/lib/sh/zread.c:61:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((r = read (fd, buf, len)) < 0 && errno == EINTR) data/bash-5.1~rc3/lib/sh/zread.c:96:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (fd, buf, len); data/bash-5.1~rc3/lib/sh/zread.c:117:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (read (fd, buf, len)); data/bash-5.1~rc3/lib/termcap/termcap.c:412:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fab.fab$b_fns = strlen(fn); data/bash-5.1~rc3/lib/termcap/termcap.c:474:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). malloc_size = 1 + strlen (term); data/bash-5.1~rc3/lib/termcap/termcap.c:545:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). malloc_size = indirect ? strlen (tcenv) + 1 : buf.size; data/bash-5.1~rc3/lib/termcap/termcap.c:554:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp1 += strlen (tcenv); data/bash-5.1~rc3/lib/termcap/termcap.c:754:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!(nread = read (fd, buf + bufp->full, bufp->size - bufp->full))) data/bash-5.1~rc3/lib/termcap/tparam.c:238:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). doup++, outend -= strlen (up); data/bash-5.1~rc3/lib/termcap/tparam.c:240:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). doleft++, outend -= strlen (left); data/bash-5.1~rc3/lib/tilde/tilde.c:68:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define savestring(x) strcpy ((char *)xmalloc (1 + strlen (x)), (x)) data/bash-5.1~rc3/lib/tilde/tilde.c:135:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
string_len = strlen (string); data/bash-5.1~rc3/lib/tilde/tilde.c:147:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (string + i, prefixes[j], strlen (prefixes[j])) == 0) data/bash-5.1~rc3/lib/tilde/tilde.c:149:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen (prefixes[j]) - 1; data/bash-5.1~rc3/lib/tilde/tilde.c:167:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_len = strlen (string); data/bash-5.1~rc3/lib/tilde/tilde.c:180:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp (string + i, suffixes[j], strlen (suffixes[j])) == 0) data/bash-5.1~rc3/lib/tilde/tilde.c:196:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *)xmalloc (result_size = (strlen (string) + 16)); data/bash-5.1~rc3/lib/tilde/tilde.c:198:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *)xmalloc (result_size = (strlen (string) + 1)); data/bash-5.1~rc3/lib/tilde/tilde.c:214:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (result + result_index, string, start); data/bash-5.1~rc3/lib/tilde/tilde.c:230:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (tilde_word, string, end); data/bash-5.1~rc3/lib/tilde/tilde.c:241:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (expansion); data/bash-5.1~rc3/lib/tilde/tilde.c:271:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)xmalloc (strlen (fname)); data/bash-5.1~rc3/lib/tilde/tilde.c:305:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (r, fname, x); data/bash-5.1~rc3/lib/tilde/tilde.c:323:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = (prefix && *prefix) ? strlen (prefix) : 0; data/bash-5.1~rc3/lib/tilde/tilde.c:324:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (suffix + suffind); data/bash-5.1~rc3/locale.c:452:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (translated); data/bash-5.1~rc3/mailcheck.c:353:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mp = (char *)xmalloc (2 + sizeof (DEFAULT_MAIL_DIRECTORY) + strlen (current_user.user_name)); data/bash-5.1~rc3/make_cmd.c:111:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen = strlen (string); data/bash-5.1~rc3/make_cmd.c:589:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). redir_len = strlen (redir_word); data/bash-5.1~rc3/make_cmd.c:643:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (line); data/bash-5.1~rc3/make_cmd.c:739:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen (w->word) - 1; data/bash-5.1~rc3/pathexp.c:76:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send = string + strlen (string); data/bash-5.1~rc3/pathexp.c:219:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp = (char *)xmalloc (2 * strlen (pathname) + 1); data/bash-5.1~rc3/pathexp.c:392:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/pathexp.c:682:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ivp->ignores[numitems].len = strlen (colon_bit); data/bash-5.1~rc3/pcomplete.c:926:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = split_at_delims (cs->words, strlen (cs->words), (char *)NULL, -1, 0, (int *)NULL, (int *)NULL); data/bash-5.1~rc3/pcomplete.c:1227:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (cs->command); data/bash-5.1~rc3/pcomplete.c:1242:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (t); data/bash-5.1~rc3/pcomplete.c:1675:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen (ntxt); data/bash-5.1~rc3/pcomplete.c:1678:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). olen = strlen (ocmd); data/bash-5.1~rc3/pcomplete.c:1680:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen (pcomp_line); data/bash-5.1~rc3/pcomplete.c:1684:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (nline, pcomp_line, start); data/bash-5.1~rc3/pcomplete.c:1685:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (nline + start, ntxt, nlen); data/bash-5.1~rc3/print_cmd.c:462:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ineed = (ps4_firstc_len * indirection_level) + strlen (ps4); data/bash-5.1~rc3/print_cmd.c:1420:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove (result + 2, result + 3, strlen (result) - 2); data/bash-5.1~rc3/print_cmd.c:1486:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg_len = strlen (control); data/bash-5.1~rc3/print_cmd.c:1514:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg_len = strlen (argp); data/bash-5.1~rc3/print_cmd.c:1530:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arg_len = strlen (argp); data/bash-5.1~rc3/redir.c:872:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alloca (1 + strlen (new_redirect->redirectee.filename->word)); data/bash-5.1~rc3/shell.c:1398:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nb += strlen (wl->word->word); data/bash-5.1~rc3/shell.c:1622:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sample_len = read (fd, sample, sizeof (sample)); data/bash-5.1~rc3/siglist.c:222:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(char *)xmalloc (INT_STRLEN_BOUND (int) + 1 + strlen (_("Unknown Signal #%d"))); data/bash-5.1~rc3/stringlib.c:152:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patlen = strlen (pat); data/bash-5.1~rc3/stringlib.c:153:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). replen = strlen (rep); data/bash-5.1~rc3/stringlib.c:194:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = len + strlen (string) + 2; data/bash-5.1~rc3/stringlib.c:207:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen (t); data/bash-5.1~rc3/stringlib.c:253:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (string); data/bash-5.1~rc3/subst.c:646:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:689:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:690:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sublen = strlen (substr); data/bash-5.1~rc3/subst.c:801:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (MB_CUR_MAX > 1) ? strlen (string + *sindex) + *sindex : 0; data/bash-5.1~rc3/subst.c:868:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string + *sindex) + *sindex; data/bash-5.1~rc3/subst.c:1101:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (MB_CUR_MAX > 1) ? strlen (string + *sindex) + *sindex : 0; data/bash-5.1~rc3/subst.c:1317:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:1350:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string + *sindex) + *sindex; data/bash-5.1~rc3/subst.c:1492:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (result, string + *sindex, si); data/bash-5.1~rc3/subst.c:1521:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string + *sindex) + *sindex; data/bash-5.1~rc3/subst.c:1692:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen = strlen (string); data/bash-5.1~rc3/subst.c:1723:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp = (char *)xmalloc (1 + strlen (string)); data/bash-5.1~rc3/subst.c:1756:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string + start) + start; data/bash-5.1~rc3/subst.c:1873:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string + start) + start; data/bash-5.1~rc3/subst.c:2053:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string + start) + start; data/bash-5.1~rc3/subst.c:2175:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:2229:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:2230:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). olen = strlen (openstr); data/bash-5.1~rc3/subst.c:2308:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slength = strlen (delims); data/bash-5.1~rc3/subst.c:2489:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_size += strlen (t->word->word); data/bash-5.1~rc3/subst.c:2507:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). word_len = strlen (t->word->word); data/bash-5.1~rc3/subst.c:3078:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s_len = strlen (s); data/bash-5.1~rc3/subst.c:3501:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (MB_CUR_MAX > 1) ? strlen (string) : 0; data/bash-5.1~rc3/subst.c:3592:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (MB_CUR_MAX > 1) ? strlen (string) : 0; data/bash-5.1~rc3/subst.c:3652:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = ret = (char *)xmalloc (strlen (string) + 1); data/bash-5.1~rc3/subst.c:4097:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:4177:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
slen = strlen (string); data/bash-5.1~rc3/subst.c:4266:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:4421:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:4456:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:4746:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen (param); data/bash-5.1~rc3/subst.c:4952:9: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = wcslen (wpat); data/bash-5.1~rc3/subst.c:6771:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tt = (char *)xmalloc (2 + strlen (name)); data/bash-5.1~rc3/subst.c:7672:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)xmalloc (i + STRLEN (val) + strlen (v->name) + 16 + MAX_ATTRIBUTES); data/bash-5.1~rc3/subst.c:7721:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = (char *)xmalloc (i + STRLEN (val) + strlen (v->name) + 16); data/bash-5.1~rc3/subst.c:7741:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = (char *)xmalloc (strlen (temp) + 8); data/bash-5.1~rc3/subst.c:7777:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = ansiexpand (s, 0, strlen (s), (int *)0); data/bash-5.1~rc3/subst.c:8249:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send = string + strlen (string); data/bash-5.1~rc3/subst.c:8267:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rslen = strlen (rstr); data/bash-5.1~rc3/subst.c:8283:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ret + rptr, str, l); data/bash-5.1~rc3/subst.c:8288:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (ret + rptr, rstr, rslen); data/bash-5.1~rc3/subst.c:8866:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = (char *)xrealloc (name, 3 + (strlen (temp1))); data/bash-5.1~rc3/subst.c:9003:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
number = strlen (temp1); data/bash-5.1~rc3/subst.c:9799:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t_index = strlen (temp2) - 1; data/bash-5.1~rc3/subst.c:10117:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_size = (mb_cur_max > 1) ? strlen (string) : 1; data/bash-5.1~rc3/subst.c:10970:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (string); data/bash-5.1~rc3/subst.c:11006:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r += strlen (r); data/bash-5.1~rc3/support/man2html.c:150:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *new = realloc(old, (strlen(old) + len + 1) * sizeof(char)); data/bash-5.1~rc3/support/man2html.c:192:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *new = stralloc(strlen(from)); data/bash-5.1~rc3/support/man2html.c:202:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(from); data/bash-5.1~rc3/support/man2html.c:204:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(to, from, n); data/bash-5.1~rc3/support/man2html.c:212:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int to_len = strlen(to); data/bash-5.1~rc3/support/man2html.c:215:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int from_len = strlen(from); data/bash-5.1~rc3/support/man2html.c:218:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(to + to_len, from, cp); data/bash-5.1~rc3/support/man2html.c:245:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) * 2 + 1 > MED_STR_MAX) { data/bash-5.1~rc3/support/man2html.c:251:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str); i++) { data/bash-5.1~rc3/support/man2html.c:481:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(charb, "<", 4); data/bash-5.1~rc3/support/man2html.c:565:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out_length += strlen(c); data/bash-5.1~rc3/support/man2html.c:924:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(sizebuf); data/bash-5.1~rc3/support/man2html.c:1991:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (c); data/bash-5.1~rc3/support/man2html.c:2905:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(th_datestr, t, sizeof(th_datestr)); data/bash-5.1~rc3/support/man2html.c:2911:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(th_version, t, sizeof(th_version)); data/bash-5.1~rc3/support/man2html.c:2940:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curpos += strlen(c); data/bash-5.1~rc3/support/man2html.c:3054:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). olen = strlen(de->st); data/bash-5.1~rc3/support/man2html.c:3692:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). deflen = strlen(owndef->st); data/bash-5.1~rc3/support/man2html.c:3717:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, c, 2); data/bash-5.1~rc3/support/man2html.c:3779:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buffpos = strlen(buffer); data/bash-5.1~rc3/support/printenv.c:56:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (*argv); data/bash-5.1~rc3/support/xcase.c:82:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(inf)) != EOF) { data/bash-5.1~rc3/test.c:65:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define STRLEN(s) ((s)[0] ? ((s)[1] ? ((s)[2] ? strlen(s) : 2) : 1) : 0) data/bash-5.1~rc3/variables.c:393:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_length = strlen (string); data/bash-5.1~rc3/variables.c:432:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*string == '(' && string[1] == '[' && string[strlen (string) - 1] == ')') data/bash-5.1~rc3/variables.c:765:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (cdir); data/bash-5.1~rc3/variables.c:766:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = (char *)xmalloc (len + strlen (shell_name) + 1); data/bash-5.1~rc3/variables.c:4718:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  name_len = strlen (name);
data/bash-5.1~rc3/y.tab.c:3801:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line_len = strlen (current_readline_line);
data/bash-5.1~rc3/y.tab.c:4755:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (shell_input_line) : 0;
data/bash-5.1~rc3/y.tab.c:5228:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen (s);
data/bash-5.1~rc3/y.tab.c:6030:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nestlen = strlen (nestret);
data/bash-5.1~rc3/y.tab.c:6036:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nestlen = strlen (nestret);
data/bash-5.1~rc3/y.tab.c:6682:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nestlen = strlen (nestret);
data/bash-5.1~rc3/y.tab.c:6958:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tokstr + 1, ttok, ttoklen - 1);
data/bash-5.1~rc3/y.tab.c:6964:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tokstr, ttok, ttoklen - 1);
data/bash-5.1~rc3/y.tab.c:6970:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (tokstr + 1, ttok, ttoklen - 1);
data/bash-5.1~rc3/y.tab.c:7486:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ttranslen = strlen (ttok);
data/bash-5.1~rc3/y.tab.c:8136:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (octal_string, string, 3);
data/bash-5.1~rc3/y.tab.c:8203:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  timefmt = xmalloc (strlen (string) + 3);
data/bash-5.1~rc3/y.tab.c:8273:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tlen = strlen (t_string);
data/bash-5.1~rc3/y.tab.c:8278:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (t_string, temp, tlen);
data/bash-5.1~rc3/y.tab.c:8284:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp = fnx_fromfs (t_string, strlen (t_string));
data/bash-5.1~rc3/y.tab.c:8298:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove (t_string, t + 1, strlen (t)); /* strlen(t) to copy NULL */
data/bash-5.1~rc3/y.tab.c:8590:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  token_end = strlen (msg);
data/bash-5.1~rc3/y.tab.c:8925:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *retlenp = (ret && *ret) ? strlen (ret) : 0;

ANALYSIS SUMMARY:

Hits = 1619
Lines analyzed = 170726 in approximately 4.37 seconds (39024 lines/second)
Physical Source Lines of Code (SLOC) = 120778
Hits@level = [0] 919 [1] 630 [2] 566 [3] 48 [4] 362 [5] 13
Hits@level+ = [0+] 2538 [1+] 1619 [2+] 989 [3+] 423 [4+] 375 [5+] 13
Hits/KSLOC@level+ = [0+] 21.0138 [1+] 13.4048 [2+] 8.18858 [3+] 3.50229 [4+] 3.10487 [5+] 0.107635
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.