Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bibutils-6.10/test/str_test.c
Examining data/bibutils-6.10/test/doi_test.c
Examining data/bibutils-6.10/test/entities_test.c
Examining data/bibutils-6.10/test/vplist_test.c
Examining data/bibutils-6.10/test/intlist_test.c
Examining data/bibutils-6.10/test/utf8_test.c
Examining data/bibutils-6.10/test/slist_test.c
Examining data/bibutils-6.10/lib/iso639_2.c
Examining data/bibutils-6.10/lib/bibl.h
Examining data/bibutils-6.10/lib/xml.h
Examining data/bibutils-6.10/lib/charsets.h
Examining data/bibutils-6.10/lib/bibformats.h
Examining data/bibutils-6.10/lib/bibtexin.c
Examining data/bibutils-6.10/lib/utf8.h
Examining data/bibutils-6.10/lib/nbibout.c
Examining data/bibutils-6.10/lib/slist.c
Examining data/bibutils-6.10/lib/vplist.h
Examining data/bibutils-6.10/lib/title.c
Examining data/bibutils-6.10/lib/endxmlin.c
Examining data/bibutils-6.10/lib/intlist.h
Examining data/bibutils-6.10/lib/bibtextypes.c
Examining data/bibutils-6.10/lib/type.c
Examining data/bibutils-6.10/lib/risin.c
Examining data/bibutils-6.10/lib/mycvout.c
Examining data/bibutils-6.10/lib/modsout.c
Examining data/bibutils-6.10/lib/copacin.c
Examining data/bibutils-6.10/lib/latex.c
Examining data/bibutils-6.10/lib/nbibtypes.c
Examining data/bibutils-6.10/lib/endout.c
Examining data/bibutils-6.10/lib/ristypes.c
Examining data/bibutils-6.10/lib/bu_auth.h
Examining data/bibutils-6.10/lib/wordout.c
Examining data/bibutils-6.10/lib/is_ws.c
Examining data/bibutils-6.10/lib/url.h
Examining data/bibutils-6.10/lib/unicode.h
Examining data/bibutils-6.10/lib/medin.c
Examining data/bibutils-6.10/lib/title.h
Examining data/bibutils-6.10/lib/isitypes.c
Examining data/bibutils-6.10/lib/name.h
Examining data/bibutils-6.10/lib/iso639_1.h
Examining data/bibutils-6.10/lib/str.c
Examining data/bibutils-6.10/lib/notes.h
Examining data/bibutils-6.10/lib/iso639_2.h
Examining data/bibutils-6.10/lib/gb18030_enumeration.c
Examining data/bibutils-6.10/lib/endtypes.c
Examining data/bibutils-6.10/lib/iso639_3.h
Examining data/bibutils-6.10/lib/bibdefs.h
Examining data/bibutils-6.10/lib/latex.h
Examining data/bibutils-6.10/lib/biblatexout.c
Examining data/bibutils-6.10/lib/latex_parse.h
Examining data/bibutils-6.10/lib/strsearch.h
Examining data/bibutils-6.10/lib/intlist.c
Examining data/bibutils-6.10/lib/marc_auth.h
Examining data/bibutils-6.10/lib/str.h
Examining data/bibutils-6.10/lib/modstypes.c
Examining data/bibutils-6.10/lib/xml.c
Examining data/bibutils-6.10/lib/modsin.c
Examining data/bibutils-6.10/lib/xml_encoding.c
Examining data/bibutils-6.10/lib/unicode.c
Examining data/bibutils-6.10/lib/latex_parse.c
Examining data/bibutils-6.10/lib/type.h
Examining data/bibutils-6.10/lib/bibutils.c
Examining data/bibutils-6.10/lib/adsout_journals.c
Examining data/bibutils-6.10/lib/iso639_1.c
Examining data/bibutils-6.10/lib/modstypes.h
Examining data/bibutils-6.10/lib/risout.c
Examining data/bibutils-6.10/lib/isiin.c
Examining data/bibutils-6.10/lib/generic.h
Examining data/bibutils-6.10/lib/entities.c
Examining data/bibutils-6.10/lib/str_conv.c
Examining data/bibutils-6.10/lib/fields.h
Examining data/bibutils-6.10/lib/name.c
Examining data/bibutils-6.10/lib/slist.h
Examining data/bibutils-6.10/lib/utf8.c
Examining data/bibutils-6.10/lib/serialno.c
Examining data/bibutils-6.10/lib/reftypes.h
Examining data/bibutils-6.10/lib/bu_auth.c
Examining data/bibutils-6.10/lib/str_conv.h
Examining data/bibutils-6.10/lib/serialno.h
Examining data/bibutils-6.10/lib/gb18030.c
Examining data/bibutils-6.10/lib/nbibin.c
Examining data/bibutils-6.10/lib/is_ws.h
Examining data/bibutils-6.10/lib/bibl.c
Examining data/bibutils-6.10/lib/gb18030.h
Examining data/bibutils-6.10/lib/pages.h
Examining data/bibutils-6.10/lib/url.c
Examining data/bibutils-6.10/lib/copactypes.c
Examining data/bibutils-6.10/lib/bibtexout.c
Examining data/bibutils-6.10/lib/ebiin.c
Examining data/bibutils-6.10/lib/xml_encoding.h
Examining data/bibutils-6.10/lib/strsearch.c
Examining data/bibutils-6.10/lib/vplist.c
Examining data/bibutils-6.10/lib/notes.c
Examining data/bibutils-6.10/lib/isiout.c
Examining data/bibutils-6.10/lib/reftypes.c
Examining data/bibutils-6.10/lib/iso639_3.c
Examining data/bibutils-6.10/lib/bltypes.c
Examining data/bibutils-6.10/lib/wordin.c
Examining data/bibutils-6.10/lib/biblatexin.c
Examining data/bibutils-6.10/lib/bibcore.c
Examining data/bibutils-6.10/lib/adsout.c
Examining data/bibutils-6.10/lib/pages.c
Examining data/bibutils-6.10/lib/endin.c
Examining data/bibutils-6.10/lib/entities.h
Examining data/bibutils-6.10/lib/fields.c
Examining data/bibutils-6.10/lib/bibutils.h
Examining data/bibutils-6.10/lib/generic.c
Examining data/bibutils-6.10/lib/marc_auth.c
Examining data/bibutils-6.10/lib/charsets.c
Examining data/bibutils-6.10/bin/endx2xml.c
Examining data/bibutils-6.10/bin/modsclean.c
Examining data/bibutils-6.10/bin/bibprog.h
Examining data/bibutils-6.10/bin/tomods.h
Examining data/bibutils-6.10/bin/med2xml.c
Examining data/bibutils-6.10/bin/bib2xml.c
Examining data/bibutils-6.10/bin/xml2wordbib.c
Examining data/bibutils-6.10/bin/xml2biblatex.c
Examining data/bibutils-6.10/bin/args.c
Examining data/bibutils-6.10/bin/biblatex2xml.c
Examining data/bibutils-6.10/bin/bibprog.c
Examining data/bibutils-6.10/bin/xml2ris.c
Examining data/bibutils-6.10/bin/xml2ads.c
Examining data/bibutils-6.10/bin/bibdiff.c
Examining data/bibutils-6.10/bin/xml2end.c
Examining data/bibutils-6.10/bin/xml2nbib.c
Examining data/bibutils-6.10/bin/end2xml.c
Examining data/bibutils-6.10/bin/args.h
Examining data/bibutils-6.10/bin/xml2isi.c
Examining data/bibutils-6.10/bin/nbib2xml.c
Examining data/bibutils-6.10/bin/isi2xml.c
Examining data/bibutils-6.10/bin/wordbib2xml.c
Examining data/bibutils-6.10/bin/xml2bib.c
Examining data/bibutils-6.10/bin/tomods.c
Examining data/bibutils-6.10/bin/ebi2xml.c
Examining data/bibutils-6.10/bin/copac2xml.c
Examining data/bibutils-6.10/bin/ris2xml.c

FINAL RESULTS:

data/bibutils-6.10/lib/adsout.c:328:3:  [4] (buffer) sprintf:
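  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Triage note: the destination appears to be the `char outstr[1000]`
  reported at adsout.c:322, while the `%s` argument is a string whose length
  this report does not show; bound the write with
  snprintf( outstr, sizeof( outstr ), ... ) and check the return value for
  truncation.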
		sprintf( outstr, "%02d/%s", month, str_cstr( year ) );
data/bibutils-6.10/lib/bibcore.c:913:3:  [4] (buffer) sprintf:
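  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Triage note: the `%s` argument is a field value read from
  `reffields`, and the resulting outfile is passed to fopen (findings at
  bibcore.c:916, 924 and 926), so review both its length against
  `char outfile[2048]` (bibcore.c:898) and whether it can contain path
  separators before it is used as a file name.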
		sprintf( outfile,"%s.%s",(char*)fields_value(reffields,found,FIELDS_CHRP_NOUSE), suffix );
data/bibutils-6.10/lib/bibcore.c:914:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	} else  sprintf( outfile,"%ld.%s",nref, suffix );
data/bibutils-6.10/lib/bibcore.c:922:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf( outfile, "%s_%ld.%s", (char*)fields_value( reffields, found, FIELDS_CHRP_NOUSE ), count, suffix );
data/bibutils-6.10/lib/bibcore.c:923:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		else sprintf( outfile,"%ld_%ld.%s", nref, count, suffix );
data/bibutils-6.10/lib/biblatexout.c:509:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( date, "DATE:%s", date_element );
data/bibutils-6.10/lib/biblatexout.c:513:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( partdate, "PARTDATE:%s", date_element );
data/bibutils-6.10/lib/bibtexout.c:485:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( date, "DATE:%s", date_element );
data/bibutils-6.10/lib/bibtexout.c:489:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( partdate, "PARTDATE:%s", date_element );
data/bibutils-6.10/bin/bibdiff.c:250:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( argv[1], "r" );
data/bibutils-6.10/bin/bibdiff.c:264:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( argv[2], "r" );
data/bibutils-6.10/bin/bibprog.c:26:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fp = fopen( argv[i], "r" );
data/bibutils-6.10/lib/adsout.c:299:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ( isdigit( (unsigned char)m[0] ) ) return atoi( m );
data/bibutils-6.10/lib/adsout.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outstr[1000];
data/bibutils-6.10/lib/adsout.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[6];
data/bibutils-6.10/lib/adsout.c:342:2:  [2] (buffer) sprintf:
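  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: that rating considers only the format string, not the size of
  the destination. If buf is the `char buf[6]` reported at adsout.c:339, a
  64-bit integer conversion can need up to 21 bytes including the terminator,
  so confirm n is range-limited before this call or switch to snprintf with
  sizeof( buf ). The same applies to the `%lld` call at adsout.c:344.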
	sprintf( buf, "%I64d", n );
data/bibutils-6.10/lib/adsout.c:344:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%lld", n );
data/bibutils-6.10/lib/adsout.c:477:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outstr[20], ch;
data/bibutils-6.10/lib/adsout.c:481:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( outstr, "..................." );
data/bibutils-6.10/lib/adsout.c:486:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ( n!=FIELDS_NOTFOUND ) output_4digit_value( outstr, atoi( fields_value( in, n, FIELDS_CHRP ) ) );
data/bibutils-6.10/lib/adsout.c:500:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ( n!=FIELDS_NOTFOUND ) output_4digit_value( outstr+9, atoi( fields_value( in, n, FIELDS_CHRP ) ) );
data/bibutils-6.10/lib/bibcore.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256]="";
data/bibutils-6.10/lib/bibcore.c:560:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/lib/bibcore.c:572:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "_%ld", i+1 );
data/bibutils-6.10/lib/bibcore.c:587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, buf[100];
data/bibutils-6.10/lib/bibcore.c:621:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "ref%ld", nref );
data/bibutils-6.10/lib/bibcore.c:898:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char outfile[2048];
data/bibutils-6.10/lib/bibcore.c:899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char suffix[5] = "xml";
data/bibutils-6.10/lib/bibcore.c:903:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	if      ( mode==BIBL_ADSABSOUT )     strcpy( suffix, "ads" );
data/bibutils-6.10/lib/bibcore.c:904:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	else if ( mode==BIBL_BIBTEXOUT )     strcpy( suffix, "bib" );
data/bibutils-6.10/lib/bibcore.c:905:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	else if ( mode==BIBL_ENDNOTEOUT )    strcpy( suffix, "end" );
data/bibutils-6.10/lib/bibcore.c:906:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	else if ( mode==BIBL_ISIOUT )        strcpy( suffix, "isi" );
data/bibutils-6.10/lib/bibcore.c:907:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	else if ( mode==BIBL_MODSOUT )       strcpy( suffix, "xml" );
data/bibutils-6.10/lib/bibcore.c:908:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	else if ( mode==BIBL_RISOUT )        strcpy( suffix, "ris" );
data/bibutils-6.10/lib/bibcore.c:909:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	else if ( mode==BIBL_WORD2007OUT )   strcpy( suffix, "xml" );
data/bibutils-6.10/lib/bibcore.c:916:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( outfile, "r" );
data/bibutils-6.10/lib/bibcore.c:924:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen( outfile, "r" );
data/bibutils-6.10/lib/bibcore.c:926:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	return fopen( outfile, "w" );
data/bibutils-6.10/lib/biblatexout.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/biblatexout.c:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[100], partdate[100];
data/bibutils-6.10/lib/biblatexout.c:523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", 
data/bibutils-6.10/lib/biblatexout.c:540:11:  [2] (integer) atoi:
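  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: atoi also returns 0 for non-numeric text and reports no error.
  If month is used to index the 12-entry `months` table reported at
  biblatexout.c:523, confirm that a 1-12 range check precedes the lookup; the
  same atoi-plus-months-table pairing appears in this report for
  bibtexout.c:516, mycvout.c:393 and endout.c:533.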
		month = atoi( fields_value( in, n, FIELDS_CHRP ) );
data/bibutils-6.10/lib/bibtexout.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/bibtexout.c:482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char date[100], partdate[100];
data/bibutils-6.10/lib/bibtexout.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", 
data/bibutils-6.10/lib/bibtexout.c:516:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		month = atoi( fields_value( in, n, FIELDS_CHRP ) );
data/bibutils-6.10/lib/charsets.c:25:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmdname[15];
data/bibutils-6.10/lib/charsets.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char descriptname[200];
data/bibutils-6.10/lib/charsets.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char aliases[CHARSET_NALIASES][25];
data/bibutils-6.10/lib/endin.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *month1[12]={
data/bibutils-6.10/lib/endin.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *month2[12]={
data/bibutils-6.10/lib/endin.c:424:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( out, "%d", found+1 );
data/bibutils-6.10/lib/endin.c:426:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( out, "0%d", found+1 );
data/bibutils-6.10/lib/endin.c:434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *tags[3][2] = {
data/bibutils-6.10/lib/endin.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char month[10], *m;
data/bibutils-6.10/lib/endout.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *months[12] = { "January", "February", "March", "April",
data/bibutils-6.10/lib/endout.c:533:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			m = atoi( month );
data/bibutils-6.10/lib/entities.c:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char html[20];
data/bibutils-6.10/lib/gb18030.c:34:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
gb18030_unicode_table_lookup( unsigned int unicode, unsigned char out[4] )
data/bibutils-6.10/lib/gb18030.c:76:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
gb18030_unicode_range_lookup( unsigned int unicode, unsigned char out[4] ) 
data/bibutils-6.10/lib/gb18030.c:128:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
gb18030_encode( unsigned int unicode, unsigned char out[4] )
data/bibutils-6.10/lib/gb18030.c:149:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char uc[4];
data/bibutils-6.10/lib/gb18030.c:151:21:  [2] (buffer) char:
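  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the flagged text is a cast, `( unsigned char ) s[i]`, followed
  by an index expression, not an array declaration, so this is likely a
  pattern-match false positive; the same holds for the cast-and-index hits at
  gb18030.c:159-161, isiin.c:80-81 and risin.c:93. The check that matters on
  these lines is whether the reads of s[i+1] through s[i+3] stay within the
  length of the input.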
	uc[0] = ( unsigned char ) s[i];
data/bibutils-6.10/lib/gb18030.c:159:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		uc[1] = ( unsigned char ) s[i+1];
data/bibutils-6.10/lib/gb18030.c:160:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		uc[2] = ( unsigned char ) s[i+2];
data/bibutils-6.10/lib/gb18030.c:161:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		uc[3]= ( unsigned char ) s[i+3];
data/bibutils-6.10/lib/gb18030.h:12:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern int gb18030_encode( unsigned int unicode, unsigned char out[4] );
data/bibutils-6.10/lib/gb18030_enumeration.c:5:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char bytes[4];
data/bibutils-6.10/lib/isiin.c:80:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ( !isupper( (unsigned char )buf[0] ) ) return 0;
data/bibutils-6.10/lib/isiin.c:81:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/isiin.c:81:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/modsin.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *titletag[2][2] = {
data/bibutils-6.10/lib/modsout.c:387:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
find_datepos( fields *f, int level, unsigned char use_altnames, int datepos[NUM_DATE_TYPES] )
data/bibutils-6.10/lib/modsout.c:448:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		fprintf( outptr, "%s", (char *) fields_value( f, pos[i], FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:459:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		fprintf( outptr, "%s", (char *) fields_value( f, pos[ DATE_ALL ], FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:665:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		fprintf( outptr, "%s", (char *) fields_value( f, parts[0].pos, FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:669:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		fprintf( outptr, "-%s", (char *) fields_value( f, parts[1].pos, FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:675:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		fprintf( outptr, "-%s", (char *) fields_value( f, parts[2].pos, FIELDS_CHRP ) );
data/bibutils-6.10/lib/mycvout.c:381:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", 
data/bibutils-6.10/lib/mycvout.c:393:11:  [2] (integer) atoi:
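  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: the mycvout.c:381 finding above shows a 12-entry months[]
  array a few lines earlier in the same file. If `month` is later used to
  index it, a range check must come first; that check is not visible in this
  report. atoi() also gives no error indication for non-numeric input, whereas
  strtol() with an end-pointer check does.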
		month = atoi( info->data[n].data );
data/bibutils-6.10/lib/name.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char utf8s[7];
data/bibutils-6.10/lib/reftypes.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    type[25];
data/bibutils-6.10/lib/risin.c:93:27:  [2] (buffer) char:
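  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the match is on the `(unsigned char)` cast in front of an
  index read, not on an array declaration; the two risin.c:94 findings below
  are the same. The cast itself is the correct way to pass a char to
  isupper()/isdigit(). The point to confirm is that buf holds at least the
  bytes being indexed, which this report does not show.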
	if ( !isupper( (unsigned char )buf[0] ) ) return 0;
data/bibutils-6.10/lib/risin.c:94:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/risin.c:94:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/risout.c:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/risout.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/slist.c:741:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( filename, "r" );
data/bibutils-6.10/lib/str.c:631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char empty[2] = "";
data/bibutils-6.10/lib/str_conv.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/lib/str_conv.c:27:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "&#%u;", ch );
data/bibutils-6.10/lib/str_conv.c:54:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char code[6];
data/bibutils-6.10/lib/str_conv.c:69:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char code[4];
data/bibutils-6.10/lib/str_conv.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/lib/utf8.c:25:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
utf8_build( unsigned int value, unsigned char out[6], int in_pos, int out_pos )
data/bibutils-6.10/lib/utf8.c:49:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
utf8_encode( unsigned int value, unsigned char out[6] )
data/bibutils-6.10/lib/utf8.c:85:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
utf8_encode_str( unsigned int value, char outstr[7] )
data/bibutils-6.10/lib/utf8.c:87:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char encoded[6];
data/bibutils-6.10/lib/utf8.c:91:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		outstr[i] = ( char ) encoded[i];
data/bibutils-6.10/lib/utf8.c:146:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char code[6];
data/bibutils-6.10/lib/utf8.c:172:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char emdash[3] = { -30, -128, -108 };
data/bibutils-6.10/lib/utf8.c:184:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char endash[3] = { -30, -128, -109 };
data/bibutils-6.10/lib/utf8.h:14:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int          utf8_encode( unsigned int value, unsigned char out[6] );
data/bibutils-6.10/lib/utf8.h:15:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void         utf8_encode_str( unsigned int value, char outstr[7] );
data/bibutils-6.10/test/entities_test.c:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/test/entities_test.c:24:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "&#%u;*", i );
data/bibutils-6.10/test/entities_test.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/test/entities_test.c:57:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "&#%u;*", i );
data/bibutils-6.10/test/entities_test.c:69:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "&#%u ;", i );
data/bibutils-6.10/test/entities_test.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/test/entities_test.c:90:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "&#x%x;*", i );
data/bibutils-6.10/test/slist_test.c:642:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1000];
data/bibutils-6.10/test/slist_test.c:656:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "Test%d", i );
data/bibutils-6.10/test/slist_test.c:665:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "Test%d", i );
data/bibutils-6.10/test/slist_test.c:682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1000];
data/bibutils-6.10/test/slist_test.c:690:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "Test%d", i );
data/bibutils-6.10/test/slist_test.c:705:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "Test%d", i );
data/bibutils-6.10/test/slist_test.c:725:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1000];
data/bibutils-6.10/test/slist_test.c:731:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "ToBeCopied%d", i );
data/bibutils-6.10/test/slist_test.c:741:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "ToBeCopied%d", i );
data/bibutils-6.10/test/slist_test.c:749:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "ToBeOverwritten%d", i );
data/bibutils-6.10/test/slist_test.c:754:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "ToBeOverwritten%d", i );
data/bibutils-6.10/test/slist_test.c:768:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "ToBeCopied%d", i );
data/bibutils-6.10/test/slist_test.c:1546:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[512];
data/bibutils-6.10/test/slist_test.c:1553:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( filename, "test_slist.%lu", val );
data/bibutils-6.10/test/slist_test.c:1555:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( filename, "w" );
data/bibutils-6.10/test/slist_test.c:1614:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[512];
data/bibutils-6.10/test/slist_test.c:1621:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( filename, "test_slist.%lu", val );
data/bibutils-6.10/test/slist_test.c:1623:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( filename, "w" );
data/bibutils-6.10/test/slist_test.c:1667:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1000];
data/bibutils-6.10/test/slist_test.c:1680:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "a_entry%d\n", i );
data/bibutils-6.10/test/slist_test.c:1684:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "b_entry%d\n", i );
data/bibutils-6.10/test/slist_test.c:1688:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "c_entry%d\n", i );
data/bibutils-6.10/test/slist_test.c:1698:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "a_entry%d\n", i );
data/bibutils-6.10/test/slist_test.c:1702:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "b_entry%d\n", i );
data/bibutils-6.10/test/slist_test.c:1706:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "c_entry%d\n", i );
data/bibutils-6.10/test/utf8_test.c:18:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char ubuf[512];
data/bibutils-6.10/test/utf8_test.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/bibutils-6.10/test/vplist_test.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/bibutils-6.10/test/vplist_test.c:82:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "%c", '0' + i );
data/bibutils-6.10/test/vplist_test.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/bibutils-6.10/test/vplist_test.c:110:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "%c", 'a' + i );
data/bibutils-6.10/test/vplist_test.c:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS];
data/bibutils-6.10/test/vplist_test.c:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS], *t[LENT];
data/bibutils-6.10/test/vplist_test.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS], *t[LENT];
data/bibutils-6.10/test/vplist_test.c:358:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS], *t[LENT];
data/bibutils-6.10/test/vplist_test.c:414:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS];
data/bibutils-6.10/test/vplist_test.c:450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS], *t[LENS], buf[256];
data/bibutils-6.10/test/vplist_test.c:463:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "%c", 'a' + i );
data/bibutils-6.10/test/vplist_test.c:495:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS];
data/bibutils-6.10/test/vplist_test.c:536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS], *t[LENT], buf[256];
data/bibutils-6.10/test/vplist_test.c:549:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "%c", 'a' + i );
data/bibutils-6.10/test/vplist_test.c:589:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS];
data/bibutils-6.10/test/vplist_test.c:642:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS];
data/bibutils-6.10/test/vplist_test.c:727:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *s[LENS];
data/bibutils-6.10/lib/adsout.c:346:23:  [1] (buffer) strncpy:
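  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: in this and the next three findings the count is a constant
  from 1 to 4 and the destination is `pos` plus an offset, so no terminator is
  written. That looks like a deliberate fill of part of an existing field.
  Confirm that `pos` points at four or more writable bytes and that the range
  of `n` is checked before this chain; neither is visible here.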
	if ( n < 10 )        strncpy( pos+3, buf, 1 );
data/bibutils-6.10/lib/adsout.c:347:23:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	else if ( n < 100 )  strncpy( pos+2, buf, 2 );
data/bibutils-6.10/lib/adsout.c:348:23:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	else if ( n < 1000 ) strncpy( pos+1, buf, 3 );
data/bibutils-6.10/lib/adsout.c:349:23:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	else                 strncpy( pos,   buf, 4 );
data/bibutils-6.10/lib/biblatexout.c:833:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = (value) ? strlen( value ) : 0;
data/bibutils-6.10/lib/biblatexout.c:853:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen( tag );
data/bibutils-6.10/lib/biblatexout.c:863:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen( value );
data/bibutils-6.10/lib/bibtexin.c:1058:10:  [1] (buffer) strlen:
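  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Reviewer note: separately from termination, `strlen( p ) - 1` is computed in
  size_t. For an empty string it wraps, and converting the result to int
  typically yields -1. Any later use of `n` as an index needs an `n >= 0`
  guard; whether one exists is not visible in this report.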
	int n = strlen( p ) - 1;
data/bibutils-6.10/lib/bibtexout.c:797:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = (value) ? strlen( value ) : 0;
data/bibutils-6.10/lib/bibtexout.c:817:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen( tag );
data/bibutils-6.10/lib/bibtexout.c:827:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen( value );
data/bibutils-6.10/lib/entities.c:293:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen( e );
data/bibutils-6.10/lib/mycvout.c:191:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen( s );
data/bibutils-6.10/lib/mycvout.c:208:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen( tag );
data/bibutils-6.10/lib/mycvout.c:218:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen( data );
data/bibutils-6.10/lib/nbibin.c:176:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if ( inref && strlen( p ) >= 6 ) {
data/bibutils-6.10/lib/nbibin.c:400:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( strlen( outtag ) > 0 ) {
data/bibutils-6.10/lib/reftypes.c:25:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( !strncasecmp( all[i].type, p, strlen(all[i].type) ) ) 
data/bibutils-6.10/lib/risout.c:561:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen( scheme[i] );
data/bibutils-6.10/lib/str.c:358:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lenaddstr = strlen( addstr );
data/bibutils-6.10/lib/str.c:369:2:  [1] (buffer) strncpy:
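  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: the bound passed here is `lenaddstr`, presumably the
  strlen( addstr ) result from the str.c:358 finding above. That is the source
  length, not the destination size, so the call copies every byte of addstr
  and writes no terminator. Safety depends on s->data having been sized to at
  least lenaddstr + 1 beforehand and on the terminator being stored
  afterwards; confirm both in the surrounding function.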
	strncpy( s->data, addstr, lenaddstr );
data/bibutils-6.10/lib/str.c:389:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat( &(s->data[s->len]), addstr, n );
data/bibutils-6.10/lib/str.c:407:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen( from );
data/bibutils-6.10/lib/str.c:498:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( s->data, p, n );
data/bibutils-6.10/lib/str.c:518:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen( from );
data/bibutils-6.10/lib/str.c:643:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	find_len = strlen( find );
data/bibutils-6.10/lib/str.c:644:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rep_len  = strlen( replace );
data/bibutils-6.10/lib/str.c:650:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		curr_len = strlen(s->data);
data/bibutils-6.10/lib/str.c:1036:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ch = fgetc( fp );
data/bibutils-6.10/lib/str.c:1043:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			ch = fgetc( fp );
data/bibutils-6.10/lib/url.c:102:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	patlen = strlen( pattern );
data/bibutils-6.10/lib/url.c:103:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( strlen( s ) < patlen ) return 0; /* too short */
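data/bibutils-6.10/lib/wordout.c:302:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ( mainttl[ strlen( mainttl ) - 1 ] != '?' )
  Reviewer note: the point to check on this line is the index
  strlen( mainttl ) - 1 rather than termination. For an empty string strlen()
  returns 0 and the unsigned subtraction wraps, so the read lands outside the
  buffer. Whether mainttl can be empty here is not visible in this report;
  confirm that a length check precedes this line.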
data/bibutils-6.10/lib/xml.c:324:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( node->tag.len!=strlen( tag ) ) return 0;
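data/bibutils-6.10/test/slist_test.c:1739:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check( (n==strlen("churlish")), "slist_get_maxlen() should return length of 'churlish'" );
  Reviewer note: the argument is a string literal, which is always
  \0-terminated, so the CWE-126 over-read cannot occur on this line. The same
  holds for the other slist_test.c and str_test.c hits below whose strlen()
  argument is a literal; they can be closed as false positives during triage.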
data/bibutils-6.10/test/slist_test.c:1745:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check( (n==strlen("churlish")), "slist_get_maxlen() should return length of 'churlish'" );
data/bibutils-6.10/test/slist_test.c:1751:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check( (n==strlen("amateurish")), "slist_get_maxlen() should return length of 'amateurish'" );
data/bibutils-6.10/test/str_test.c:32:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( s->len != strlen( s->data ) ) {
data/bibutils-6.10/test/str_test.c:33:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fprintf(stdout,"%s line %lu: failed consistency check found strlen=%d, s->len=%ld\n",fn,line,(int)strlen(s->data),s->len);
data/bibutils-6.10/test/str_test.c:43:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		fprintf(stdout,"%s line %lu: failed consistency check found %d, expected %lu\n",fn,line,(int)strlen(s->data),numchars);
data/bibutils-6.10/test/str_test.c:590:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str1)-1, "Col1\tCol2\tCol3" ) ) failed++;
data/bibutils-6.10/test/str_test.c:597:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str1), "Col1\tCol2\tCol3\n" ) ) failed++;
data/bibutils-6.10/test/str_test.c:611:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str2), str2 ) ) failed++;
data/bibutils-6.10/test/str_test.c:674:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( string_mismatch( dup, strlen(str1), str1 ) ) failed++;
data/bibutils-6.10/test/str_test.c:683:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ( string_mismatch( dup, strlen(str2), str2 ) ) failed++;
data/bibutils-6.10/test/str_test.c:702:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str1), "ABCDE_ABCDE_12345" ) ) failed++;
data/bibutils-6.10/test/str_test.c:706:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str2), str2 ) ) failed++;
data/bibutils-6.10/test/str_test.c:724:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str1), "abcde_abcde_12345" ) ) failed++;
data/bibutils-6.10/test/str_test.c:728:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen(str2), str2 ) ) failed++;
data/bibutils-6.10/test/str_test.c:756:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen("ksjadfk    lajskfjds      askdjflkj   "), "ksjadfk    lajskfjds      askdjflkj   " ) ) failed++;
data/bibutils-6.10/test/str_test.c:758:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen("ksjadfk    lajskfjds      askdjflkj"), "ksjadfk    lajskfjds      askdjflkj" ) ) failed++;
data/bibutils-6.10/test/str_test.c:762:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen("      ksjadfk    lajskfjds      askdjflkj"), "      ksjadfk    lajskfjds      askdjflkj" ) ) failed++;
data/bibutils-6.10/test/str_test.c:764:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen("ksjadfk    lajskfjds      askdjflkj"), "ksjadfk    lajskfjds      askdjflkj" ) ) failed++;
data/bibutils-6.10/test/str_test.c:776:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ( string_mismatch( s, strlen("ksjadfklajskfjdsaskdjflkj"), "ksjadfklajskfjdsaskdjflkj" ) ) failed++;

ANALYSIS SUMMARY:

Hits = 209
Lines analyzed = 117698 in approximately 4.17 seconds (28247 lines/second)
Physical Source Lines of Code (SLOC) = 109491
Hits@level = [0] 686 [1]  54 [2] 146 [3]   0 [4]   9 [5]   0
Hits@level+ = [0+] 895 [1+] 209 [2+] 155 [3+]   9 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 8.17419 [1+] 1.90883 [2+] 1.41564 [3+] 0.0821985 [4+] 0.0821985 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
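Minimum risk level = 1
  (Reviewer note: Hits = 209 matches the [1+] total above; the 686 level-0
  hits are counted in the table but are not listed in this report.)
Not every hit is necessarily a security vulnerability.
  (Reviewer note: each hit marks a call site to inspect. Whether the flagged
  argument is attacker-influenced or already bounds-checked has to be
  established in the source; the library hits in lib/ deserve review before
  the test/ hits.)
There may be other security vulnerabilities; review your code!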
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.