Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bibutils-6.10/test/str_test.c
Examining data/bibutils-6.10/test/doi_test.c
Examining data/bibutils-6.10/test/entities_test.c
Examining data/bibutils-6.10/test/vplist_test.c
Examining data/bibutils-6.10/test/intlist_test.c
Examining data/bibutils-6.10/test/utf8_test.c
Examining data/bibutils-6.10/test/slist_test.c
Examining data/bibutils-6.10/lib/iso639_2.c
Examining data/bibutils-6.10/lib/bibl.h
Examining data/bibutils-6.10/lib/xml.h
Examining data/bibutils-6.10/lib/charsets.h
Examining data/bibutils-6.10/lib/bibformats.h
Examining data/bibutils-6.10/lib/bibtexin.c
Examining data/bibutils-6.10/lib/utf8.h
Examining data/bibutils-6.10/lib/nbibout.c
Examining data/bibutils-6.10/lib/slist.c
Examining data/bibutils-6.10/lib/vplist.h
Examining data/bibutils-6.10/lib/title.c
Examining data/bibutils-6.10/lib/endxmlin.c
Examining data/bibutils-6.10/lib/intlist.h
Examining data/bibutils-6.10/lib/bibtextypes.c
Examining data/bibutils-6.10/lib/type.c
Examining data/bibutils-6.10/lib/risin.c
Examining data/bibutils-6.10/lib/mycvout.c
Examining data/bibutils-6.10/lib/modsout.c
Examining data/bibutils-6.10/lib/copacin.c
Examining data/bibutils-6.10/lib/latex.c
Examining data/bibutils-6.10/lib/nbibtypes.c
Examining data/bibutils-6.10/lib/endout.c
Examining data/bibutils-6.10/lib/ristypes.c
Examining data/bibutils-6.10/lib/bu_auth.h
Examining data/bibutils-6.10/lib/wordout.c
Examining data/bibutils-6.10/lib/is_ws.c
Examining data/bibutils-6.10/lib/url.h
Examining data/bibutils-6.10/lib/unicode.h
Examining data/bibutils-6.10/lib/medin.c
Examining data/bibutils-6.10/lib/title.h
Examining data/bibutils-6.10/lib/isitypes.c
Examining data/bibutils-6.10/lib/name.h
Examining data/bibutils-6.10/lib/iso639_1.h
Examining data/bibutils-6.10/lib/str.c
Examining data/bibutils-6.10/lib/notes.h
Examining data/bibutils-6.10/lib/iso639_2.h
Examining data/bibutils-6.10/lib/gb18030_enumeration.c
Examining data/bibutils-6.10/lib/endtypes.c
Examining data/bibutils-6.10/lib/iso639_3.h
Examining data/bibutils-6.10/lib/bibdefs.h
Examining data/bibutils-6.10/lib/latex.h
Examining data/bibutils-6.10/lib/biblatexout.c
Examining data/bibutils-6.10/lib/latex_parse.h
Examining data/bibutils-6.10/lib/strsearch.h
Examining data/bibutils-6.10/lib/intlist.c
Examining data/bibutils-6.10/lib/marc_auth.h
Examining data/bibutils-6.10/lib/str.h
Examining data/bibutils-6.10/lib/modstypes.c
Examining data/bibutils-6.10/lib/xml.c
Examining data/bibutils-6.10/lib/modsin.c
Examining data/bibutils-6.10/lib/xml_encoding.c
Examining data/bibutils-6.10/lib/unicode.c
Examining data/bibutils-6.10/lib/latex_parse.c
Examining data/bibutils-6.10/lib/type.h
Examining data/bibutils-6.10/lib/bibutils.c
Examining data/bibutils-6.10/lib/adsout_journals.c
Examining data/bibutils-6.10/lib/iso639_1.c
Examining data/bibutils-6.10/lib/modstypes.h
Examining data/bibutils-6.10/lib/risout.c
Examining data/bibutils-6.10/lib/isiin.c
Examining data/bibutils-6.10/lib/generic.h
Examining data/bibutils-6.10/lib/entities.c
Examining data/bibutils-6.10/lib/str_conv.c
Examining data/bibutils-6.10/lib/fields.h
Examining data/bibutils-6.10/lib/name.c
Examining data/bibutils-6.10/lib/slist.h
Examining data/bibutils-6.10/lib/utf8.c
Examining data/bibutils-6.10/lib/serialno.c
Examining data/bibutils-6.10/lib/reftypes.h
Examining data/bibutils-6.10/lib/bu_auth.c
Examining data/bibutils-6.10/lib/str_conv.h
Examining data/bibutils-6.10/lib/serialno.h
Examining data/bibutils-6.10/lib/gb18030.c
Examining data/bibutils-6.10/lib/nbibin.c
Examining data/bibutils-6.10/lib/is_ws.h
Examining data/bibutils-6.10/lib/bibl.c
Examining data/bibutils-6.10/lib/gb18030.h
Examining data/bibutils-6.10/lib/pages.h
Examining data/bibutils-6.10/lib/url.c
Examining data/bibutils-6.10/lib/copactypes.c
Examining data/bibutils-6.10/lib/bibtexout.c
Examining data/bibutils-6.10/lib/ebiin.c
Examining data/bibutils-6.10/lib/xml_encoding.h
Examining data/bibutils-6.10/lib/strsearch.c
Examining data/bibutils-6.10/lib/vplist.c
Examining data/bibutils-6.10/lib/notes.c
Examining data/bibutils-6.10/lib/isiout.c
Examining data/bibutils-6.10/lib/reftypes.c
Examining data/bibutils-6.10/lib/iso639_3.c
Examining data/bibutils-6.10/lib/bltypes.c
Examining data/bibutils-6.10/lib/wordin.c
Examining data/bibutils-6.10/lib/biblatexin.c
Examining data/bibutils-6.10/lib/bibcore.c
Examining data/bibutils-6.10/lib/adsout.c
Examining data/bibutils-6.10/lib/pages.c
Examining data/bibutils-6.10/lib/endin.c
Examining data/bibutils-6.10/lib/entities.h
Examining data/bibutils-6.10/lib/fields.c
Examining data/bibutils-6.10/lib/bibutils.h
Examining data/bibutils-6.10/lib/generic.c
Examining data/bibutils-6.10/lib/marc_auth.c
Examining data/bibutils-6.10/lib/charsets.c
Examining data/bibutils-6.10/bin/endx2xml.c
Examining data/bibutils-6.10/bin/modsclean.c
Examining data/bibutils-6.10/bin/bibprog.h
Examining data/bibutils-6.10/bin/tomods.h
Examining data/bibutils-6.10/bin/med2xml.c
Examining data/bibutils-6.10/bin/bib2xml.c
Examining data/bibutils-6.10/bin/xml2wordbib.c
Examining data/bibutils-6.10/bin/xml2biblatex.c
Examining data/bibutils-6.10/bin/args.c
Examining data/bibutils-6.10/bin/biblatex2xml.c
Examining data/bibutils-6.10/bin/bibprog.c
Examining data/bibutils-6.10/bin/xml2ris.c
Examining data/bibutils-6.10/bin/xml2ads.c
Examining data/bibutils-6.10/bin/bibdiff.c
Examining data/bibutils-6.10/bin/xml2end.c
Examining data/bibutils-6.10/bin/xml2nbib.c
Examining data/bibutils-6.10/bin/end2xml.c
Examining data/bibutils-6.10/bin/args.h
Examining data/bibutils-6.10/bin/xml2isi.c
Examining data/bibutils-6.10/bin/nbib2xml.c
Examining data/bibutils-6.10/bin/isi2xml.c
Examining data/bibutils-6.10/bin/wordbib2xml.c
Examining data/bibutils-6.10/bin/xml2bib.c
Examining data/bibutils-6.10/bin/tomods.c
Examining data/bibutils-6.10/bin/ebi2xml.c
Examining data/bibutils-6.10/bin/copac2xml.c
Examining data/bibutils-6.10/bin/ris2xml.c

FINAL RESULTS:

data/bibutils-6.10/lib/adsout.c:328:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( outstr, "%02d/%s", month, str_cstr( year ) );
data/bibutils-6.10/lib/bibcore.c:913:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( outfile,"%s.%s",(char*)fields_value(reffields,found,FIELDS_CHRP_NOUSE), suffix );
data/bibutils-6.10/lib/bibcore.c:914:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    } else sprintf( outfile,"%ld.%s",nref, suffix );
data/bibutils-6.10/lib/bibcore.c:922:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( outfile, "%s_%ld.%s", (char*)fields_value( reffields, found, FIELDS_CHRP_NOUSE ), count, suffix );
data/bibutils-6.10/lib/bibcore.c:923:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    else sprintf( outfile,"%ld_%ld.%s", nref, count, suffix );
data/bibutils-6.10/lib/biblatexout.c:509:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( date, "DATE:%s", date_element );
data/bibutils-6.10/lib/biblatexout.c:513:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( partdate, "PARTDATE:%s", date_element );
data/bibutils-6.10/lib/bibtexout.c:485:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( date, "DATE:%s", date_element );
data/bibutils-6.10/lib/bibtexout.c:489:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf( partdate, "PARTDATE:%s", date_element );
data/bibutils-6.10/bin/bibdiff.c:250:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen( argv[1], "r" );
data/bibutils-6.10/bin/bibdiff.c:264:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen( argv[2], "r" );
data/bibutils-6.10/bin/bibprog.c:26:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen( argv[i], "r" );
data/bibutils-6.10/lib/adsout.c:299:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if ( isdigit( (unsigned char)m[0] ) ) return atoi( m );
data/bibutils-6.10/lib/adsout.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char outstr[1000];
data/bibutils-6.10/lib/adsout.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[6];
data/bibutils-6.10/lib/adsout.c:342:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "%I64d", n );
data/bibutils-6.10/lib/adsout.c:344:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "%lld", n );
data/bibutils-6.10/lib/adsout.c:477:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char outstr[20], ch;
data/bibutils-6.10/lib/adsout.c:481:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy( outstr, "..................." );
data/bibutils-6.10/lib/adsout.c:486:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if ( n!=FIELDS_NOTFOUND ) output_4digit_value( outstr, atoi( fields_value( in, n, FIELDS_CHRP ) ) );
data/bibutils-6.10/lib/adsout.c:500:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if ( n!=FIELDS_NOTFOUND ) output_4digit_value( outstr+9, atoi( fields_value( in, n, FIELDS_CHRP ) ) );
data/bibutils-6.10/lib/bibcore.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256]="";
data/bibutils-6.10/lib/bibcore.c:560:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[512];
data/bibutils-6.10/lib/bibcore.c:572:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "_%ld", i+1 );
data/bibutils-6.10/lib/bibcore.c:587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *p, buf[100];
data/bibutils-6.10/lib/bibcore.c:621:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "ref%ld", nref );
data/bibutils-6.10/lib/bibcore.c:898:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char outfile[2048];
data/bibutils-6.10/lib/bibcore.c:899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char suffix[5] = "xml";
data/bibutils-6.10/lib/bibcore.c:903:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    if ( mode==BIBL_ADSABSOUT ) strcpy( suffix, "ads" );
data/bibutils-6.10/lib/bibcore.c:904:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    else if ( mode==BIBL_BIBTEXOUT ) strcpy( suffix, "bib" );
data/bibutils-6.10/lib/bibcore.c:905:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    else if ( mode==BIBL_ENDNOTEOUT ) strcpy( suffix, "end" );
data/bibutils-6.10/lib/bibcore.c:906:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    else if ( mode==BIBL_ISIOUT ) strcpy( suffix, "isi" );
data/bibutils-6.10/lib/bibcore.c:907:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    else if ( mode==BIBL_MODSOUT ) strcpy( suffix, "xml" );
data/bibutils-6.10/lib/bibcore.c:908:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    else if ( mode==BIBL_RISOUT ) strcpy( suffix, "ris" );
data/bibutils-6.10/lib/bibcore.c:909:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    else if ( mode==BIBL_WORD2007OUT ) strcpy( suffix, "xml" );
data/bibutils-6.10/lib/bibcore.c:916:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen( outfile, "r" );
data/bibutils-6.10/lib/bibcore.c:924:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen( outfile, "r" );
data/bibutils-6.10/lib/bibcore.c:926:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    return fopen( outfile, "w" );
data/bibutils-6.10/lib/biblatexout.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/biblatexout.c:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char date[100], partdate[100];
data/bibutils-6.10/lib/biblatexout.c:523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
data/bibutils-6.10/lib/biblatexout.c:540:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    month = atoi( fields_value( in, n, FIELDS_CHRP ) );
data/bibutils-6.10/lib/bibtexout.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/bibtexout.c:482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char date[100], partdate[100];
data/bibutils-6.10/lib/bibtexout.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
data/bibutils-6.10/lib/bibtexout.c:516:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    month = atoi( fields_value( in, n, FIELDS_CHRP ) );
data/bibutils-6.10/lib/charsets.c:25:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char cmdname[15];
data/bibutils-6.10/lib/charsets.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char descriptname[200];
data/bibutils-6.10/lib/charsets.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char aliases[CHARSET_NALIASES][25];
data/bibutils-6.10/lib/endin.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *month1[12]={
data/bibutils-6.10/lib/endin.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *month2[12]={
data/bibutils-6.10/lib/endin.c:424:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( out, "%d", found+1 );
data/bibutils-6.10/lib/endin.c:426:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( out, "0%d", found+1 );
data/bibutils-6.10/lib/endin.c:434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *tags[3][2] = {
data/bibutils-6.10/lib/endin.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char month[10], *m;
data/bibutils-6.10/lib/endout.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *months[12] = { "January", "February", "March", "April",
data/bibutils-6.10/lib/endout.c:533:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    m = atoi( month );
data/bibutils-6.10/lib/entities.c:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char html[20];
data/bibutils-6.10/lib/gb18030.c:34:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    gb18030_unicode_table_lookup( unsigned int unicode, unsigned char out[4] )
data/bibutils-6.10/lib/gb18030.c:76:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    gb18030_unicode_range_lookup( unsigned int unicode, unsigned char out[4] )
data/bibutils-6.10/lib/gb18030.c:128:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    gb18030_encode( unsigned int unicode, unsigned char out[4] )
data/bibutils-6.10/lib/gb18030.c:149:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char uc[4];
data/bibutils-6.10/lib/gb18030.c:151:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    uc[0] = ( unsigned char ) s[i];
data/bibutils-6.10/lib/gb18030.c:159:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    uc[1] = ( unsigned char ) s[i+1];
data/bibutils-6.10/lib/gb18030.c:160:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    uc[2] = ( unsigned char ) s[i+2];
data/bibutils-6.10/lib/gb18030.c:161:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    uc[3]= ( unsigned char ) s[i+3];
data/bibutils-6.10/lib/gb18030.h:12:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    extern int gb18030_encode( unsigned int unicode, unsigned char out[4] );
data/bibutils-6.10/lib/gb18030_enumeration.c:5:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char bytes[4];
data/bibutils-6.10/lib/isiin.c:80:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if ( !isupper( (unsigned char )buf[0] ) ) return 0;
data/bibutils-6.10/lib/isiin.c:81:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/isiin.c:81:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/modsin.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *titletag[2][2] = {
data/bibutils-6.10/lib/modsout.c:387:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    find_datepos( fields *f, int level, unsigned char use_altnames, int datepos[NUM_DATE_TYPES] )
data/bibutils-6.10/lib/modsout.c:448:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    fprintf( outptr, "%s", (char *) fields_value( f, pos[i], FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:459:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    fprintf( outptr, "%s", (char *) fields_value( f, pos[ DATE_ALL ], FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:665:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    fprintf( outptr, "%s", (char *) fields_value( f, parts[0].pos, FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:669:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    fprintf( outptr, "-%s", (char *) fields_value( f, parts[1].pos, FIELDS_CHRP ) );
data/bibutils-6.10/lib/modsout.c:675:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    fprintf( outptr, "-%s", (char *) fields_value( f, parts[2].pos, FIELDS_CHRP ) );
data/bibutils-6.10/lib/mycvout.c:381:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
data/bibutils-6.10/lib/mycvout.c:393:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    month = atoi( info->data[n].data );
data/bibutils-6.10/lib/name.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char utf8s[7];
data/bibutils-6.10/lib/reftypes.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char type[25];
data/bibutils-6.10/lib/risin.c:93:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if ( !isupper( (unsigned char )buf[0] ) ) return 0;
data/bibutils-6.10/lib/risin.c:94:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/risin.c:94:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/bibutils-6.10/lib/risout.c:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    const char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/risout.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *typenames[ NUM_TYPES ] = {
data/bibutils-6.10/lib/slist.c:741:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen( filename, "r" );
data/bibutils-6.10/lib/str.c:631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char empty[2] = "";
data/bibutils-6.10/lib/str_conv.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[512];
data/bibutils-6.10/lib/str_conv.c:27:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "&#%u;", ch );
data/bibutils-6.10/lib/str_conv.c:54:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char code[6]; data/bibutils-6.10/lib/str_conv.c:69:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char code[4]; data/bibutils-6.10/lib/str_conv.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/bibutils-6.10/lib/utf8.c:25:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. utf8_build( unsigned int value, unsigned char out[6], int in_pos, int out_pos ) data/bibutils-6.10/lib/utf8.c:49:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. utf8_encode( unsigned int value, unsigned char out[6] ) data/bibutils-6.10/lib/utf8.c:85:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. utf8_encode_str( unsigned int value, char outstr[7] ) data/bibutils-6.10/lib/utf8.c:87:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char encoded[6]; data/bibutils-6.10/lib/utf8.c:91:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. outstr[i] = ( char ) encoded[i]; data/bibutils-6.10/lib/utf8.c:146:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char code[6]; data/bibutils-6.10/lib/utf8.c:172:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char emdash[3] = { -30, -128, -108 }; data/bibutils-6.10/lib/utf8.c:184:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char endash[3] = { -30, -128, -109 }; data/bibutils-6.10/lib/utf8.h:14:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
int utf8_encode( unsigned int value, unsigned char out[6] ); data/bibutils-6.10/lib/utf8.h:15:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void utf8_encode_str( unsigned int value, char outstr[7] ); data/bibutils-6.10/test/entities_test.c:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/bibutils-6.10/test/entities_test.c:24:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "&#%u;*", i ); data/bibutils-6.10/test/entities_test.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/bibutils-6.10/test/entities_test.c:57:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "&#%u;*", i ); data/bibutils-6.10/test/entities_test.c:69:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "&#%u ;", i ); data/bibutils-6.10/test/entities_test.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/bibutils-6.10/test/entities_test.c:90:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "&#x%x;*", i ); data/bibutils-6.10/test/slist_test.c:642:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/bibutils-6.10/test/slist_test.c:656:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "Test%d", i ); data/bibutils-6.10/test/slist_test.c:665:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "Test%d", i ); data/bibutils-6.10/test/slist_test.c:682:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/bibutils-6.10/test/slist_test.c:690:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "Test%d", i ); data/bibutils-6.10/test/slist_test.c:705:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( buf, "Test%d", i ); data/bibutils-6.10/test/slist_test.c:725:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/bibutils-6.10/test/slist_test.c:731:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "ToBeCopied%d", i ); data/bibutils-6.10/test/slist_test.c:741:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "ToBeCopied%d", i ); data/bibutils-6.10/test/slist_test.c:749:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "ToBeOverwritten%d", i ); data/bibutils-6.10/test/slist_test.c:754:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "ToBeOverwritten%d", i ); data/bibutils-6.10/test/slist_test.c:768:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "ToBeCopied%d", i ); data/bibutils-6.10/test/slist_test.c:1546:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[512]; data/bibutils-6.10/test/slist_test.c:1553:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( filename, "test_slist.%lu", val ); data/bibutils-6.10/test/slist_test.c:1555:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen( filename, "w" ); data/bibutils-6.10/test/slist_test.c:1614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[512]; data/bibutils-6.10/test/slist_test.c:1621:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( filename, "test_slist.%lu", val ); data/bibutils-6.10/test/slist_test.c:1623:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen( filename, "w" ); data/bibutils-6.10/test/slist_test.c:1667:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/bibutils-6.10/test/slist_test.c:1680:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "a_entry%d\n", i ); data/bibutils-6.10/test/slist_test.c:1684:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "b_entry%d\n", i ); data/bibutils-6.10/test/slist_test.c:1688:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "c_entry%d\n", i ); data/bibutils-6.10/test/slist_test.c:1698:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "a_entry%d\n", i ); data/bibutils-6.10/test/slist_test.c:1702:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "b_entry%d\n", i ); data/bibutils-6.10/test/slist_test.c:1706:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "c_entry%d\n", i ); data/bibutils-6.10/test/utf8_test.c:18:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ubuf[512]; data/bibutils-6.10/test/utf8_test.c:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/bibutils-6.10/test/vplist_test.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/bibutils-6.10/test/vplist_test.c:82:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "%c", '0' + i ); data/bibutils-6.10/test/vplist_test.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/bibutils-6.10/test/vplist_test.c:110:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "%c", 'a' + i ); data/bibutils-6.10/test/vplist_test.c:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS]; data/bibutils-6.10/test/vplist_test.c:246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s[LENS], *t[LENT]; data/bibutils-6.10/test/vplist_test.c:298:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS], *t[LENT]; data/bibutils-6.10/test/vplist_test.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS], *t[LENT]; data/bibutils-6.10/test/vplist_test.c:414:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS]; data/bibutils-6.10/test/vplist_test.c:450:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS], *t[LENS], buf[256]; data/bibutils-6.10/test/vplist_test.c:463:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "%c", 'a' + i ); data/bibutils-6.10/test/vplist_test.c:495:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *s[LENS]; data/bibutils-6.10/test/vplist_test.c:536:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS], *t[LENT], buf[256]; data/bibutils-6.10/test/vplist_test.c:549:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buf, "%c", 'a' + i ); data/bibutils-6.10/test/vplist_test.c:589:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS]; data/bibutils-6.10/test/vplist_test.c:642:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS]; data/bibutils-6.10/test/vplist_test.c:727:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s[LENS]; data/bibutils-6.10/lib/adsout.c:346:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if ( n < 10 ) strncpy( pos+3, buf, 1 ); data/bibutils-6.10/lib/adsout.c:347:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
else if ( n < 100 ) strncpy( pos+2, buf, 2 ); data/bibutils-6.10/lib/adsout.c:348:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). else if ( n < 1000 ) strncpy( pos+1, buf, 3 ); data/bibutils-6.10/lib/adsout.c:349:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). else strncpy( pos, buf, 4 ); data/bibutils-6.10/lib/biblatexout.c:833:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (value) ? strlen( value ) : 0; data/bibutils-6.10/lib/biblatexout.c:853:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( tag ); data/bibutils-6.10/lib/biblatexout.c:863:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( value ); data/bibutils-6.10/lib/bibtexin.c:1058:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen( p ) - 1; data/bibutils-6.10/lib/bibtexout.c:797:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (value) ? strlen( value ) : 0; data/bibutils-6.10/lib/bibtexout.c:817:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen( tag ); data/bibutils-6.10/lib/bibtexout.c:827:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( value ); data/bibutils-6.10/lib/entities.c:293:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( e ); data/bibutils-6.10/lib/mycvout.c:191:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( s ); data/bibutils-6.10/lib/mycvout.c:208:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( tag ); data/bibutils-6.10/lib/mycvout.c:218:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( data ); data/bibutils-6.10/lib/nbibin.c:176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ( inref && strlen( p ) >= 6 ) { data/bibutils-6.10/lib/nbibin.c:400:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( outtag ) > 0 ) { data/bibutils-6.10/lib/reftypes.c:25:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( !strncasecmp( all[i].type, p, strlen(all[i].type) ) ) data/bibutils-6.10/lib/risout.c:561:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( scheme[i] ); data/bibutils-6.10/lib/str.c:358:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenaddstr = strlen( addstr ); data/bibutils-6.10/lib/str.c:369:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( s->data, addstr, lenaddstr ); data/bibutils-6.10/lib/str.c:389:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat( &(s->data[s->len]), addstr, n ); data/bibutils-6.10/lib/str.c:407:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen( from ); data/bibutils-6.10/lib/str.c:498:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( s->data, p, n ); data/bibutils-6.10/lib/str.c:518:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen( from ); data/bibutils-6.10/lib/str.c:643:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  find_len = strlen( find );

data/bibutils-6.10/lib/str.c:644:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rep_len = strlen( replace );

data/bibutils-6.10/lib/str.c:650:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curr_len = strlen(s->data);

data/bibutils-6.10/lib/str.c:1036:8:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = fgetc( fp );

data/bibutils-6.10/lib/str.c:1043:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = fgetc( fp );

data/bibutils-6.10/lib/url.c:102:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  patlen = strlen( pattern );

data/bibutils-6.10/lib/url.c:103:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( s ) < patlen ) return 0; /* too short */

data/bibutils-6.10/lib/wordout.c:302:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( mainttl[ strlen( mainttl ) - 1 ] != '?' )

data/bibutils-6.10/lib/xml.c:324:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( node->tag.len!=strlen( tag ) ) return 0;

data/bibutils-6.10/test/slist_test.c:1739:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check( (n==strlen("churlish")), "slist_get_maxlen() should return length of 'churlish'" );

data/bibutils-6.10/test/slist_test.c:1745:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check( (n==strlen("churlish")), "slist_get_maxlen() should return length of 'churlish'" );

data/bibutils-6.10/test/slist_test.c:1751:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check( (n==strlen("amateurish")), "slist_get_maxlen() should return length of 'amateurish'" );

data/bibutils-6.10/test/str_test.c:32:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( s->len != strlen( s->data ) ) {

data/bibutils-6.10/test/str_test.c:33:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stdout,"%s line %lu: failed consistency check found strlen=%d, s->len=%ld\n",fn,line,(int)strlen(s->data),s->len);

data/bibutils-6.10/test/str_test.c:43:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stdout,"%s line %lu: failed consistency check found %d, expected %lu\n",fn,line,(int)strlen(s->data),numchars);

data/bibutils-6.10/test/str_test.c:590:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str1)-1, "Col1\tCol2\tCol3" ) ) failed++;

data/bibutils-6.10/test/str_test.c:597:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str1), "Col1\tCol2\tCol3\n" ) ) failed++;

data/bibutils-6.10/test/str_test.c:611:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str2), str2 ) ) failed++;

data/bibutils-6.10/test/str_test.c:674:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( dup, strlen(str1), str1 ) ) failed++;

data/bibutils-6.10/test/str_test.c:683:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( dup, strlen(str2), str2 ) ) failed++;

data/bibutils-6.10/test/str_test.c:702:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str1), "ABCDE_ABCDE_12345" ) ) failed++;

data/bibutils-6.10/test/str_test.c:706:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str2), str2 ) ) failed++;

data/bibutils-6.10/test/str_test.c:724:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str1), "abcde_abcde_12345" ) ) failed++;

data/bibutils-6.10/test/str_test.c:728:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(str2), str2 ) ) failed++;

data/bibutils-6.10/test/str_test.c:756:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen("ksjadfk lajskfjds askdjflkj "), "ksjadfk lajskfjds askdjflkj " ) ) failed++;

data/bibutils-6.10/test/str_test.c:758:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen("ksjadfk lajskfjds askdjflkj"), "ksjadfk lajskfjds askdjflkj" ) ) failed++;

data/bibutils-6.10/test/str_test.c:762:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen(" ksjadfk lajskfjds askdjflkj"), " ksjadfk lajskfjds askdjflkj" ) ) failed++;

data/bibutils-6.10/test/str_test.c:764:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen("ksjadfk lajskfjds askdjflkj"), "ksjadfk lajskfjds askdjflkj" ) ) failed++;

data/bibutils-6.10/test/str_test.c:776:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( string_mismatch( s, strlen("ksjadfklajskfjdsaskdjflkj"), "ksjadfklajskfjdsaskdjflkj" ) ) failed++;

ANALYSIS SUMMARY:

Hits = 209
Lines analyzed = 117698 in approximately 4.17 seconds (28247 lines/second)
Physical Source Lines of Code (SLOC) = 109491
Hits@level = [0] 686 [1]  54 [2] 146 [3]   0 [4]   9 [5]   0
Hits@level+ = [0+] 895 [1+] 209 [2+] 155 [3+]   9 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 8.17419 [1+] 1.90883 [2+] 1.41564 [3+] 0.0821985 [4+] 0.0821985 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.