Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bwbasic-2.20pl2/bwb_cnd.c
Examining data/bwbasic-2.20pl2/bwb_exp.c
Examining data/bwbasic-2.20pl2/bwb_inp.c
Examining data/bwbasic-2.20pl2/bwb_int.c
Examining data/bwbasic-2.20pl2/bwb_mth.c
Examining data/bwbasic-2.20pl2/bwb_ops.c
Examining data/bwbasic-2.20pl2/bwb_par.c
Examining data/bwbasic-2.20pl2/bwb_prn.c
Examining data/bwbasic-2.20pl2/bwb_stc.c
Examining data/bwbasic-2.20pl2/bwb_str.c
Examining data/bwbasic-2.20pl2/bwb_tcc.c
Examining data/bwbasic-2.20pl2/bwx_iqc.c
Examining data/bwbasic-2.20pl2/bwx_iqc.h
Examining data/bwbasic-2.20pl2/bwx_tty.h
Examining data/bwbasic-2.20pl2/bwx_ncu.c
Examining data/bwbasic-2.20pl2/bwx_ncu.h
Examining data/bwbasic-2.20pl2/bwb_cmd.c
Examining data/bwbasic-2.20pl2/bwb_dio.c
Examining data/bwbasic-2.20pl2/bwb_elx.c
Examining data/bwbasic-2.20pl2/bwb_fnc.c
Examining data/bwbasic-2.20pl2/bwb_mes.h
Examining data/bwbasic-2.20pl2/bwb_tbl.c
Examining data/bwbasic-2.20pl2/bwb_var.c
Examining data/bwbasic-2.20pl2/bwbasic.c
Examining data/bwbasic-2.20pl2/bwbasic.h
Examining data/bwbasic-2.20pl2/renum.c
Examining data/bwbasic-2.20pl2/bwx_tty.c
FINAL RESULTS:
data/bwbasic-2.20pl2/bwb_inp.c:652:7: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat( pstring, "? ", MAXSTRINGSIZE );
data/bwbasic-2.20pl2/bwb_cmd.c:171:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_let(): pos <%d> line <%s>",
data/bwbasic-2.20pl2/bwb_cmd.c:277:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_goto(): buffer has <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:289:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_goto(): found LABEL, <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:339:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_lnnotfound, atoi( tbuf ) );
data/bwbasic-2.20pl2/bwb_cmd.c:377:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_noln );
data/bwbasic-2.20pl2/bwb_cmd.c:449:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_lnnotfound, atoi( atbuf ) );
data/bwbasic-2.20pl2/bwb_cmd.c:574:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_incomplete );
data/bwbasic-2.20pl2/bwb_cmd.c:630:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, ERR_ONNOGOTO );
data/bwbasic-2.20pl2/bwb_cmd.c:681:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_valoorange );
data/bwbasic-2.20pl2/bwb_cmd.c:764:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( oline->buffer, "%s %d", CMD_GOSUB, lines[ v - 1 ] );
data/bwbasic-2.20pl2/bwb_cmd.c:974:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_run(): entered function. buffer <%s> pos <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:984:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_run(): check buffer <%s> pos <%d> char <0x%x>",
data/bwbasic-2.20pl2/bwb_cmd.c:1014:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:1041:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_run(): element detected <%s>, lnumber <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:1059:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_lnnotfound, go_lnumber );
data/bwbasic-2.20pl2/bwb_cmd.c:1258:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwb_cmd.c:1335:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, filename );
data/bwbasic-2.20pl2/bwb_cmd.c:1469:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_lnnotfound, s );
data/bwbasic-2.20pl2/bwb_cmd.c:1557:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%7d: %s\n", l->number, l->buffer );
data/bwbasic-2.20pl2/bwb_cmd.c:1561:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, " : %s\n", l->buffer );
data/bwbasic-2.20pl2/bwb_cmd.c:1657:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_lnnotfound, s );
data/bwbasic-2.20pl2/bwb_cmd.c:2122:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_environ(): variable string is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:2133:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_environ(): variable string resolves to <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:2159:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_environ(): value string resolves to <%s>", tmp );
data/bwbasic-2.20pl2/bwb_cmd.c:2166:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tbuf, tmp );
data/bwbasic-2.20pl2/bwb_cmd.c:2169:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_environ(): assignment string is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:2224:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s \n", bwb_cmdtable[ n ].name );
data/bwbasic-2.20pl2/bwb_cnd.c:115:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_if(): entry, line <%d> buffer <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:145:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_if(): return from cnd_thenelse, line is <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:206:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_if(): not multi-line; line is <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:249:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %d", CMD_GOTO, glnumber );
data/bwbasic-2.20pl2/bwb_cnd.c:321:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in cnd_thenels(): entry, line is <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:346:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in cnd_thenels(): word is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cnd.c:357:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in cnd_thenelse(): after THEN, line is <%s>", buffer );
data/bwbasic-2.20pl2/bwb_cnd.c:370:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in cnd_thenelse(): after ELSE, line is <%s>", buffer );
data/bwbasic-2.20pl2/bwb_cnd.c:412:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in cnd_thenelse(): exit, line is <%s>", buffer );
data/bwbasic-2.20pl2/bwb_cnd.c:952:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_case(): compare strings <%s> and <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:1075:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%f %s",
data/bwbasic-2.20pl2/bwb_cnd.c:1790:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_for(): variable name <%s>.", v->name );
data/bwbasic-2.20pl2/bwb_cnd.c:1809:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_for(): failed to find equals sign, buf <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:1852:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_for(): initial value string <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:1905:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_for(): target value string <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:1938:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_for(): step value string <%s>",
data/bwbasic-2.20pl2/bwb_cnd.c:2059:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_next(): variable name detected <%s>.", v->name );
data/bwbasic-2.20pl2/bwb_cnd.c:2378:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in cnd_tostep(): word is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_cnd.c:2458:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_setnval(): variable <%s> is not a number",
data/bwbasic-2.20pl2/bwb_dio.c:112:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_open(): first element is <%s>",
data/bwbasic-2.20pl2/bwb_dio.c:179:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_open(): syntax 1, devname <%s>",
data/bwbasic-2.20pl2/bwb_dio.c:266:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( devname, first );
data/bwbasic-2.20pl2/bwb_dio.c:269:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_open(): syntax 2, devname <%s>",
data/bwbasic-2.20pl2/bwb_dio.c:348:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_open(): string to parse for req dev number <%s>",
data/bwbasic-2.20pl2/bwb_dio.c:460:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_open(): ready to open device <%s> mode <%d>",
data/bwbasic-2.20pl2/bwb_dio.c:494:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "Failed to open device <%s>", devname );
data/bwbasic-2.20pl2/bwb_dio.c:512:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( dev_table[ req_devnumber ].filename, devname );
data/bwbasic-2.20pl2/bwb_dio.c:758:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_chdir(): argument is <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:838:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_rmdir(): argument is <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:917:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_mkdir(): argument is <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1000:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_kill(): argument is <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1110:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_name(): old name is <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1120:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_name(): AS string is <%s>", btbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1148:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_name(): new name is <%s>", btbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1206:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_field(): device# buffer <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1276:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_field(): device <%d> length <%d> buf <%s>",
data/bwbasic-2.20pl2/bwb_dio.c:1287:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_field(): AS element <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:1317:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_field(): device <%d> var <%s> length <%d>",
data/bwbasic-2.20pl2/bwb_dio.c:1354:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_field(): buffer <%lXh> var <%s> buffer <%lXh>",
data/bwbasic-2.20pl2/bwb_dio.c:1479:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in dio_lrset(): variable <%s> has 1 dimension",
data/bwbasic-2.20pl2/bwb_dio.c:1490:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in dio_lrset(): variable <%s> has > 1 dimensions",
data/bwbasic-2.20pl2/bwb_dio.c:1775:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_put(): rec no buffer <%s>", atbuf );
data/bwbasic-2.20pl2/bwb_elx.c:140:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_paren() found internal string <%s>",
data/bwbasic-2.20pl2/bwb_elx.c:215:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "string <%s> exceeds maximum size (%d) for string constant.",
data/bwbasic-2.20pl2/bwb_elx.c:309:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_numconst(): received <%s>, eval <%c>",
data/bwbasic-2.20pl2/bwb_elx.c:361:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "expression <%s> is not a numerical constant.",
data/bwbasic-2.20pl2/bwb_elx.c:475:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_numconst(): read mantissa, string <%s> val <%lf>",
data/bwbasic-2.20pl2/bwb_elx.c:743:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_function(): entered function, expression <%s>",
data/bwbasic-2.20pl2/bwb_elx.c:767:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_function(): name is <%s>.",
data/bwbasic-2.20pl2/bwb_elx.c:781:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "Failed to find function <%s>.",
data/bwbasic-2.20pl2/bwb_elx.c:1018:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_function(): building <%s>.",
data/bwbasic-2.20pl2/bwb_elx.c:1119:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_function(): string assigned <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_elx.c:1181:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_variable(): level <%d>, found variable name <%s>",
data/bwbasic-2.20pl2/bwb_elx.c:1196:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_variable(): variable <%s> has 1 dimension",
data/bwbasic-2.20pl2/bwb_elx.c:1208:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_variable(): variable <%s> has > 1 dimensions",
data/bwbasic-2.20pl2/bwb_elx.c:1224:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_variable(): var <%s> array_pos element <%d> is <%d>.",
data/bwbasic-2.20pl2/bwb_elx.c:1239:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_variable(): b string name is <%s>",
data/bwbasic-2.20pl2/bwb_elx.c:1255:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_variable(): exit, name <%s>, level <%d>, op <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:68:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "entered bwb_exp(): expression <%s> assignment <%d> level <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:147:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_exp(): main loop, level <%d> element <%s> ",
data/bwbasic-2.20pl2/bwb_exp.c:259:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_exp(): calling exp_function(), expression <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:270:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_exp(): calling exp_ufnc(), expression <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:278:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_exp(): return from exp_ufnc(), buffer <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:518:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_findop(): received <%s>", expression );
data/bwbasic-2.20pl2/bwb_exp.c:535:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_findop(): expression after advance <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:636:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_findop(): cbuf element is <%s>", cbuf );
data/bwbasic-2.20pl2/bwb_exp.c:812:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isop(): expression is <%s>", expression );
data/bwbasic-2.20pl2/bwb_exp.c:826:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isop(): match <%s>, number <%d>.",
data/bwbasic-2.20pl2/bwb_exp.c:866:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_iscmd(): expression received <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:876:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_iscmd(): match found, <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:887:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_iscmd(): match found, <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:898:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_iscmd(): match found, <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:912:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_iscmd(): match found, <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:921:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_iscmd(): No match, <%s> and <%s>; returns %d",
data/bwbasic-2.20pl2/bwb_exp.c:964:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isufn(): found user function <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:981:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isufn(): found function <%s> not a local variable, EXEC level <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:1021:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isfn(): search for function <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:1029:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isfn(): failed to find function <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:1038:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isfn(): found function <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:1079:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isvn(): search for variable <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:1087:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isvn(): failed to find variable <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:1096:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_isvn(): found variable <%s>",
data/bwbasic-2.20pl2/bwb_exp.c:1127:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_getvfname(): source buffer <%s>", source );
data/bwbasic-2.20pl2/bwb_exp.c:1194:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_getvfname(): found name <%s>", destination );
data/bwbasic-2.20pl2/bwb_exp.c:1225:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_validarg(): expression <%s>.",
data/bwbasic-2.20pl2/bwb_fnc.c:151:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_find(): called for <%s> ", buffer );
data/bwbasic-2.20pl2/bwb_fnc.c:155:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tbuf, buffer );
data/bwbasic-2.20pl2/bwb_fnc.c:163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_find(): found <%s> ", f->name );
data/bwbasic-2.20pl2/bwb_fnc.c:486:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_chr(): bstring name is <%s>", b->name );
data/bwbasic-2.20pl2/bwb_fnc.c:742:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_mid() string <%s> startpos <%d> spaces <%d>",
data/bwbasic-2.20pl2/bwb_fnc.c:829:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_left() string <%s> startpos <%d> spaces <%d>",
data/bwbasic-2.20pl2/bwb_fnc.c:916:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_right() string <%s> startpos <%d> spaces <%d>",
data/bwbasic-2.20pl2/bwb_fnc.c:1022:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_asc(): string is <%s>",
data/bwbasic-2.20pl2/bwb_fnc.c:1117:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_string(): argument <%s> arg type <%c>, length <%d>",
data/bwbasic-2.20pl2/bwb_fnc.c:1874:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, " arg %d (%c): <%s> \n", c,
data/bwbasic-2.20pl2/bwb_fnc.c:1951:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "%s\t%c \n", f->name, f->type );
data/bwbasic-2.20pl2/bwb_inp.c:100:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): buffer <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:161:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): line <%d> variable <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:164:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): remaining line <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:195:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): current data line: <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:226:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): advance to data line: <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:264:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): data constant is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_inp.c:274:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): variable <%s> is dimensioned",
data/bwbasic-2.20pl2/bwb_inp.c:287:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): variable <%s> is NOT dimensioned",
data/bwbasic-2.20pl2/bwb_inp.c:290:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): remaining line <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:305:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_read(): exiting function, line <%s> ",
data/bwbasic-2.20pl2/bwb_inp.c:416:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_lnnotfound, n );
data/bwbasic-2.20pl2/bwb_inp.c:666:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_input(): received line <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_inp.c:708:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xinp(): buffer <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:725:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xinp(): found variable name <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:736:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xinp(): variable <%s> has dimensions",
data/bwbasic-2.20pl2/bwb_inp.c:772:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xinp(): read STRING <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:787:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xinp(): read NUMBER <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:992:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): received line <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:995:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): received variable list <%s>.",
data/bwbasic-2.20pl2/bwb_inp.c:998:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): received input buffer <%s>.",
data/bwbasic-2.20pl2/bwb_inp.c:1016:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): found variable buffer <%s> name <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:1027:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): variable <%s> has dimensions",
data/bwbasic-2.20pl2/bwb_inp.c:1052:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): string for input <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:1096:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_str(): exit, line buffer <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:1153:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_assign(): variable <%s> of unknown type",
data/bwbasic-2.20pl2/bwb_inp.c:1242:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_const(): received argument <%s>.",
data/bwbasic-2.20pl2/bwb_inp.c:1423:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_line(): tbuf <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:1426:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_line(): line buffer <%s>",
data/bwbasic-2.20pl2/bwb_inp.c:1434:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_line(): variable buffer <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_inp.c:1449:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_line(): variable for assignment <%s>", v->name );
data/bwbasic-2.20pl2/bwb_inp.c:1528:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_numconst(): received <%s>, eval <%c>",
data/bwbasic-2.20pl2/bwb_inp.c:1580:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "expression <%s> is not a numerical constant.",
data/bwbasic-2.20pl2/bwb_inp.c:1692:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in inp_numconst(): read mantissa, string <%s> val <%lf>",
data/bwbasic-2.20pl2/bwb_int.c:72:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in adv_element(): receieved <%s>.", &( buffer[ *pos ] ));
data/bwbasic-2.20pl2/bwb_int.c:361:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line_start(): pos <%d> buffer <%s>", *pos,
data/bwbasic-2.20pl2/bwb_int.c:402:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line_start(): new element is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_int.c:442:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line_start(): no line number, element <%s>.",
data/bwbasic-2.20pl2/bwb_int.c:452:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line_start(): label detected <%s>.",
data/bwbasic-2.20pl2/bwb_int.c:568:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in is_let(): buffer <%s>", buffer );
data/bwbasic-2.20pl2/bwb_int.c:684:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in is_numconst(): received string <%s>.", buffer );
data/bwbasic-2.20pl2/bwb_mth.c:108:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_core(): ready to make local variable <%s>",
data/bwbasic-2.20pl2/bwb_mth.c:265:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_abs(): ready to make local variable <%s>",
data/bwbasic-2.20pl2/bwb_mth.c:1582:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_mks(): string <%s> hex vals <%X><%X><%X><%X>",
data/bwbasic-2.20pl2/bwb_mth.c:1818:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fnc_cvs(): string <%s> hex vals <%X><%X><%X><%X>",
data/bwbasic-2.20pl2/bwb_ops.c:368:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in op_isoperator(): found match <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:342:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xprint(): Found USING, format string <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:400:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xprint(): bstring name is <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:412:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xprint(): element <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:444:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( output_string, "%s", element );
data/bwbasic-2.20pl2/bwb_prn.c:448:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xprint(): output string <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:537:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( output_string,
data/bwbasic-2.20pl2/bwb_prn.c:572:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xprint(): output number <%f> string <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:720:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in get_prnfmt(): loop, buffer <%s>",
data/bwbasic-2.20pl2/bwb_prn.c:1350:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "DEBUG %s\n", message );
data/bwbasic-2.20pl2/bwb_prn.c:1607:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", CMD_GOSUB, err_gosubl );
data/bwbasic-2.20pl2/bwb_prn.c:1847:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_write(): output string element <\"%s\">",
data/bwbasic-2.20pl2/bwb_prn.c:1864:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_write(): output numerical element <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:261:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in scan_getcmd(): scanning element <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:270:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in scan_getcmd(): found label <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:326:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in adv_element(): receieved <%s>.", &( buffer[ *pos ] ));
data/bwbasic-2.20pl2/bwb_stc.c:451:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fslt_add(): adding SUB/FUNCTION/LABEL code <%d> name <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:469:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( name, tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:491:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fslt_add(): current buffer <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:514:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fslt_add(): added function-name variable <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:558:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in scan_readargs(): reading arguments, buffer <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:598:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in scan_readargs(): read argument <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:654:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): reading arguments, buffer <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:677:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): in loop, buffer <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:709:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): in loop, tbuf <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:756:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): variable name is <%s>, local name <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:772:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): in loop, parse expression <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:780:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): in loop, parsed expression, buffer <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:798:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): added arg <%d> (single) name <%s> value <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:803:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in call_readargs(): added arg <%d> (expression) name <%s> value <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:894:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fslt_findf(): search for name <%s>", buffer );
data/bwbasic-2.20pl2/bwb_stc.c:911:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fslt_findf(): failed to find Function/Subroutine <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:1057:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_call(): call to subroutine <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:1072:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_call(): found line <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:1402:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in find_label(): found label <%s>", buffer );
data/bwbasic-2.20pl2/bwb_stc.c:1410:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in find_label(): failed to find label <%s>", buffer );
data/bwbasic-2.20pl2/bwb_stc.c:1814:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_vtov(): mismatch src <%s> type <%d> dst <%s> type <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1827:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_vtov(): assigning var <%s> val <%lf> to var <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:1917:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_pos(): returning pos <%d> variable <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2005:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): found user function <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2015:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): call to function <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:2022:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): found line <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2045:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): <%s> attached local variables EXEC level <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:2050:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): <%s> level <%d> variable <%d> name <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2063:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): current buffer <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2085:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): single line: parse <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2109:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): single line after parsing, <%s>",
data/bwbasic-2.20pl2/bwb_stc.c:2169:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in exp_ufnc(): string assigned <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:2238:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in fslt_addlocalvar(): added local variable variable <%s> arg number <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:2291:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in is_label(): check element <%s>", buffer );
data/bwbasic-2.20pl2/bwb_str.c:64:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "in str_btob(): entry, source b string name is <%s>", s->name );
data/bwbasic-2.20pl2/bwb_str.c:66:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "in str_btob(): entry, destination b string name is <%s>", d->name );
data/bwbasic-2.20pl2/bwb_str.c:147:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in str_btob(): exit length <%d> string <%s>",
data/bwbasic-2.20pl2/bwb_str.c:181:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "in str_ctob(): entry, c string is <%s>", buffer );
data/bwbasic-2.20pl2/bwb_str.c:185:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "in str_ctob(): entry, b string name is <%s>", s->name );
data/bwbasic-2.20pl2/bwb_str.c:263:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in str_ctob(): exit length <%d> string <%s>",
data/bwbasic-2.20pl2/bwb_str.c:301:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "in str_btoc(): entry, b string name is <%s>", s->name );
data/bwbasic-2.20pl2/bwb_str.c:319:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "in str_btoc(): exit, c string is <%s>", buffer );
data/bwbasic-2.20pl2/bwb_str.c:357:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in str_cat(): a <%s> b <%s>", abuf, bbuf );
data/bwbasic-2.20pl2/bwb_str.c:361:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( abuf, bbuf );
data/bwbasic-2.20pl2/bwb_str.c:365:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in str_cat(): returns <%s>", abuf );
data/bwbasic-2.20pl2/bwb_var.c:285:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_swap(): buffer is <%s>",
data/bwbasic-2.20pl2/bwb_var.c:295:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_swap(): tbuf is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_var.c:306:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_swap(): lhs variable <%s> found",
data/bwbasic-2.20pl2/bwb_var.c:325:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_swap(): buffer is now <%s>",
data/bwbasic-2.20pl2/bwb_var.c:333:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_swap(): tbuf is <%s>", tbuf );
data/bwbasic-2.20pl2/bwb_var.c:749:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_mid(): variable <%s> has 1 dimension",
data/bwbasic-2.20pl2/bwb_var.c:760:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_mid(): variable <%s> has > 1 dimensions",
data/bwbasic-2.20pl2/bwb_var.c:968:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_defx(): calling var_find() for <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1014:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_letseq(): buffer <%s>", &( buffer[ *position ] ));
data/bwbasic-2.20pl2/bwb_var.c:1196:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_getvarname(): found <%s>", sb );
data/bwbasic-2.20pl2/bwb_var.c:1226:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_find(): received <%s>", buffer );
data/bwbasic-2.20pl2/bwb_var.c:1252:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_find(): inappropriate precision for variable <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1259:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_find(): found global variable <%s>", v->name );
data/bwbasic-2.20pl2/bwb_var.c:1296:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_find(): initialized new variable <%s> type <%c>, dim <%d>",
data/bwbasic-2.20pl2/bwb_var.c:1337:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( v->name, name );
data/bwbasic-2.20pl2/bwb_var.c:1534:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_dim(): new variable name is <%s>.",
data/bwbasic-2.20pl2/bwb_var.c:1559:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_dim(): variable <%s> cannot be re-dimensioned",
data/bwbasic-2.20pl2/bwb_var.c:1572:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_dim(): old var <%s> parameter <%d> size <%d>.",
data/bwbasic-2.20pl2/bwb_var.c:1579:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_dim(): variable <%s> parameter <%d> cannot be resized",
data/bwbasic-2.20pl2/bwb_var.c:1602:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line %d: Failed to find memory for array_sizes for <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1627:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line %d: Failed to find memory for array_pos for <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1673:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line %d: Failed to find memory for array <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1697:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in line %d: Failed to find memory for array <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1742:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_dim(): unexpected end of string, buf <%s>",
data/bwbasic-2.20pl2/bwb_var.c:1796:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_var.c:2060:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "at line %d: Unknown statement <%s> following OPTION.",
data/bwbasic-2.20pl2/bwb_var.c:2147:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( bwb_ebuf, "in var_findnval(): Variable <%s> is not a number.",
data/bwbasic-2.20pl2/bwb_var.c:2211:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_findsval(): entered, var <%s>", v->name );
data/bwbasic-2.20pl2/bwb_var.c:2220:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( bwb_ebuf, "in var_findsval(): Variable <%s> is not a string.", v->name );
data/bwbasic-2.20pl2/bwb_var.c:2281:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in dim_check(): var <%s> dimensions <%d>",
data/bwbasic-2.20pl2/bwb_var.c:2295:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in dim_check(): numerical var <%s> memnum not allocated",
data/bwbasic-2.20pl2/bwb_var.c:2307:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in dim_check(): string var <%s> memstr not allocated",
data/bwbasic-2.20pl2/bwb_var.c:2324:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in dim_check(): array subscript var <%s> pos <%d> val <%d> out of range <%d>-<%d>.",
data/bwbasic-2.20pl2/bwb_var.c:2467:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_make(): made variable <%s> type <%c> pos[ 0 ] <%d>",
data/bwbasic-2.20pl2/bwb_var.c:2478:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_make(): new string variable <%s>",
data/bwbasic-2.20pl2/bwb_var.c:2517:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_islocal(): check for local variable <%s> EXEC level <%d>",
data/bwbasic-2.20pl2/bwb_var.c:2528:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_islocal(): checking var <%s> level <%d>...",
data/bwbasic-2.20pl2/bwb_var.c:2543:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_islocal(): inappropriate precision for variable <%s>",
data/bwbasic-2.20pl2/bwb_var.c:2551:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_islocal(): found local variable <%s>", v->name );
data/bwbasic-2.20pl2/bwb_var.c:2563:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in var_islocal(): Failed to find local variable <%s> level <%d>",
data/bwbasic-2.20pl2/bwb_var.c:2601:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "variable <%s>\t", v->name );
data/bwbasic-2.20pl2/bwb_var.c:2607:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "STRING\tval: <%s>\n", tbuf );
data/bwbasic-2.20pl2/bwbasic.c:323:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "Failed to redirect error messages to file <%s>\n",
data/bwbasic-2.20pl2/bwbasic.c:330:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "NOTE: Error messages are redirected to file <%s>\n",
data/bwbasic-2.20pl2/bwbasic.c:360:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_init(): marked variable <%s> preset TRUE",
data/bwbasic-2.20pl2/bwbasic.c:414:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( CURTASK progfile, argv[ 1 ] ); /* JBV */
data/bwbasic-2.20pl2/bwbasic.c:421:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, argv[ 1 ] );
data/bwbasic-2.20pl2/bwbasic.c:429:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in main(): progfile is <%s>.", CURTASK progfile );
data/bwbasic-2.20pl2/bwbasic.c:482:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tbuf, read_line);
data/bwbasic-2.20pl2/bwbasic.c:483:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(read_line, "delete %s\0", tbuf);
data/bwbasic-2.20pl2/bwbasic.c:571:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_ladd(): add line <%s>",
data/bwbasic-2.20pl2/bwbasic.c:746:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_ladd(): added new line <%d> buffer <%s>",
data/bwbasic-2.20pl2/bwbasic.c:763:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, ERR_LINENO );
data/bwbasic-2.20pl2/bwbasic.c:798:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xtxtline(): received <%s>", buffer );
data/bwbasic-2.20pl2/bwbasic.c:862:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_xtxtline(): copied to line buffer <%s>.",
data/bwbasic-2.20pl2/bwbasic.c:1105:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_execline(): buffer <%s>",
data/bwbasic-2.20pl2/bwbasic.c:1190:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_execline(): executing <%s>", l->buffer );
data/bwbasic-2.20pl2/bwbasic.c:1207:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "Breaking out to shell, line num <%d> buf <%s> cmd <%d> pos <%d>",
data/bwbasic-2.20pl2/bwbasic.c:1301:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( l->buffer, s );
data/bwbasic-2.20pl2/bwbasic.c:1304:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in ln_asbuf(): allocated buffer <%s>", l->buffer );
data/bwbasic-2.20pl2/bwbasic.c:1349:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ubuf, "TASK %d %s", bwb_curtask, tbuf );
data/bwbasic-2.20pl2/bwbasic.c:1350:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tbuf, ubuf );
data/bwbasic-2.20pl2/bwbasic.c:1400:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp_buffer, "\r%s %d\n", MES_BREAK, CURTASK number );
data/bwbasic-2.20pl2/bwx_iqc.c:132:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s %s\n", MES_SIGNON, VERSION );
data/bwbasic-2.20pl2/bwx_iqc.c:134:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_COPYRIGHT );
data/bwbasic-2.20pl2/bwx_iqc.c:136:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_COPYRIGHT_2 ); /* JBV 1/97 */
data/bwbasic-2.20pl2/bwx_iqc.c:139:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", "Debugging Mode" );
data/bwbasic-2.20pl2/bwx_iqc.c:142:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_LANGUAGE );
data/bwbasic-2.20pl2/bwx_iqc.c:214:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "\n%s: %s\n", ERRD_HEADER, m );
data/bwbasic-2.20pl2/bwx_iqc.c:218:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "\n%s %d: %s\n", ERROR_HEADER, CURTASK number, m );
data/bwbasic-2.20pl2/bwx_iqc.c:328:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): line buffer is <%s>.", l->buffer );
data/bwbasic-2.20pl2/bwx_iqc.c:338:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): no line number, command <%s>.",
data/bwbasic-2.20pl2/bwx_iqc.c:343:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( l->buffer ) == 0 )
data/bwbasic-2.20pl2/bwx_iqc.c:360:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): line number, command <%s>.",
data/bwbasic-2.20pl2/bwx_iqc.c:365:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( &( l->buffer[ position ] ) ) == 0 )
data/bwbasic-2.20pl2/bwx_iqc.c:431:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", edname, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_iqc.c:434:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_edit(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_iqc.c:437:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_iqc.c:444:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_iqc.c:489:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "renum %s\0", CURTASK progfile );
data/bwbasic-2.20pl2/bwx_iqc.c:492:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_renum(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_iqc.c:495:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_iqc.c:502:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_iqc.c:564:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", finame, argument );
data/bwbasic-2.20pl2/bwx_iqc.c:567:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_files(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_iqc.c:570:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_ncu.c:128:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s %s\n", MES_SIGNON, VERSION );
data/bwbasic-2.20pl2/bwx_ncu.c:130:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_COPYRIGHT );
data/bwbasic-2.20pl2/bwx_ncu.c:132:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_COPYRIGHT_2 ); /* JBV 1/97 */
data/bwbasic-2.20pl2/bwx_ncu.c:135:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", "Debugging Mode" );
data/bwbasic-2.20pl2/bwx_ncu.c:138:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_LANGUAGE );
data/bwbasic-2.20pl2/bwx_ncu.c:204:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "\n%s: %s\n", ERRD_HEADER, m );
data/bwbasic-2.20pl2/bwx_ncu.c:208:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "\n%s %d: %s\n", ERROR_HEADER, CURTASK number, m );
data/bwbasic-2.20pl2/bwx_ncu.c:310:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): line buffer is <%s>.", l->buffer );
data/bwbasic-2.20pl2/bwx_ncu.c:320:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): no line number, command <%s>.",
data/bwbasic-2.20pl2/bwx_ncu.c:326:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( l->buffer ) == 0 )
data/bwbasic-2.20pl2/bwx_ncu.c:347:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): line number, command <%s>.",
data/bwbasic-2.20pl2/bwx_ncu.c:353:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( &( l->buffer[ position ] ) ) == 0 )
data/bwbasic-2.20pl2/bwx_ncu.c:414:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", edname, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_ncu.c:417:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_edit(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_ncu.c:422:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_ncu.c:438:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_ncu.c:483:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "renum %s\0", CURTASK progfile );
data/bwbasic-2.20pl2/bwx_ncu.c:486:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_renum(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_ncu.c:491:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_ncu.c:507:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_ncu.c:569:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", finame, argument );
data/bwbasic-2.20pl2/bwx_ncu.c:572:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_files(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_ncu.c:577:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_tty.c:116:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s %s\n", MES_SIGNON, VERSION );
data/bwbasic-2.20pl2/bwx_tty.c:118:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_COPYRIGHT );
data/bwbasic-2.20pl2/bwx_tty.c:120:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_COPYRIGHT_2 ); /* JBV 1/97 */
data/bwbasic-2.20pl2/bwx_tty.c:123:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", "Debugging Mode" );
data/bwbasic-2.20pl2/bwx_tty.c:126:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "\r%s\n", MES_LANGUAGE );
data/bwbasic-2.20pl2/bwx_tty.c:214:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "\n%s: %s\n", ERRD_HEADER, m );
data/bwbasic-2.20pl2/bwx_tty.c:218:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "\n%s %d: %s\n", ERROR_HEADER, CURTASK number, m );
data/bwbasic-2.20pl2/bwx_tty.c:324:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): line buffer is <%s>.", l->buffer );
data/bwbasic-2.20pl2/bwx_tty.c:334:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): no line number, command <%s>.",
data/bwbasic-2.20pl2/bwx_tty.c:339:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( l->buffer ) == 0 )
data/bwbasic-2.20pl2/bwx_tty.c:354:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwx_shell(): line number, command <%s>.",
data/bwbasic-2.20pl2/bwx_tty.c:359:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( &( l->buffer[ position ] ) ) == 0 )
data/bwbasic-2.20pl2/bwx_tty.c:429:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", edname, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_tty.c:432:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_edit(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_tty.c:435:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_tty.c:442:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_tty.c:485:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "renum %s\0", CURTASK progfile );
data/bwbasic-2.20pl2/bwx_tty.c:488:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_renum(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_tty.c:491:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/bwx_tty.c:498:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf( bwb_ebuf, err_openfile, CURTASK progfile );
data/bwbasic-2.20pl2/bwx_tty.c:569:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tbuf, "%s %s", finame, argument );
data/bwbasic-2.20pl2/bwx_tty.c:572:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( bwb_ebuf, "in bwb_files(): command line <%s>", tbuf );
data/bwbasic-2.20pl2/bwx_tty.c:575:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( tbuf );
data/bwbasic-2.20pl2/renum.c:32:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (argc > 1) strcpy(pstr, argv[1]);
data/bwbasic-2.20pl2/renum.c:48:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f9str, pstr);
data/bwbasic-2.20pl2/renum.c:297:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rstr, midstr1(pstr, b));
data/bwbasic-2.20pl2/renum.c:298:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pstr, rstr);
data/bwbasic-2.20pl2/renum.c:428:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstr, midstr2(pstr, 1, p8 - 1));
data/bwbasic-2.20pl2/renum.c:429:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempstr, rstr);
data/bwbasic-2.20pl2/renum.c:430:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pstr, tempstr);
data/bwbasic-2.20pl2/renum.c:434:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstr, midstr2(pstr, 1, p8 - 1));
data/bwbasic-2.20pl2/renum.c:435:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempstr, rstr);
data/bwbasic-2.20pl2/renum.c:436:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempstr, midstr1(pstr, p9 + 1));
data/bwbasic-2.20pl2/renum.c:437:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pstr, tempstr);
data/bwbasic-2.20pl2/renum.c:473:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "mv editfl %s\0", f9str);
data/bwbasic-2.20pl2/renum.c:474:4: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(tempstr);
data/bwbasic-2.20pl2/renum.c:497:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstr, astr);
data/bwbasic-2.20pl2/renum.c:511:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstr, astr);
data/bwbasic-2.20pl2/bwb_cmd.c:2038:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand( n );
data/bwbasic-2.20pl2/bwb_fnc.c:1444:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv( tbuf ) != NULL) strncpy( tmp, getenv( tbuf ), sizeof(tmp)-1);
data/bwbasic-2.20pl2/bwb_fnc.c:1444:46: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv( tbuf ) != NULL) strncpy( tmp, getenv( tbuf ), sizeof(tmp)-1);
data/bwbasic-2.20pl2/bwb_cmd.c:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_gosubl[ MAXVARNAMESIZE + 1 ] = { '\0' }; /* line for error GOSUB */
data/bwbasic-2.20pl2/bwb_cmd.c:105:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_null(): NULL command" );
data/bwbasic-2.20pl2/bwb_cmd.c:137:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_rem(): REM command" );
data/bwbasic-2.20pl2/bwb_cmd.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:220:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_go(): Nonsense following GO" );
data/bwbasic-2.20pl2/bwb_cmd.c:251:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:254:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_goto(): entered function" );
data/bwbasic-2.20pl2/bwb_cmd.c:302:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( x->number == atoi( tbuf ) )
data/bwbasic-2.20pl2/bwb_cmd.c:308:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_goto(): returning line <%d>", x->number );
data/bwbasic-2.20pl2/bwb_cmd.c:322:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( x->number == atoi( tbuf ) )
data/bwbasic-2.20pl2/bwb_cmd.c:328:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_goto(): returning line <%d>", x->number );
data/bwbasic-2.20pl2/bwb_cmd.c:339:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf( bwb_ebuf, err_lnnotfound, atoi( tbuf ) );
data/bwbasic-2.20pl2/bwb_cmd.c:366:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:423:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( x->number == atoi( atbuf ))
data/bwbasic-2.20pl2/bwb_cmd.c:449:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf( bwb_ebuf, err_lnnotfound, atoi( atbuf ) );
data/bwbasic-2.20pl2/bwb_cmd.c:478:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_return() at line <%d> cmdnum <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:553:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:554:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:562:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[ 7 ];
data/bwbasic-2.20pl2/bwb_cmd.c:598:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_on(): detected ON ERROR" );
data/bwbasic-2.20pl2/bwb_cmd.c:612:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_on(): value is <%d>", v );
data/bwbasic-2.20pl2/bwb_cmd.c:647:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lines[ num_lines ] = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_cmd.c:691:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_on(): executing ON...GOTO" );
data/bwbasic-2.20pl2/bwb_cmd.c:704:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_on(): returning line <%d>", x->number );
data/bwbasic-2.20pl2/bwb_cmd.c:729:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_on(): executing ON...GOSUB" );
data/bwbasic-2.20pl2/bwb_cmd.c:775:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_on(): invalid value for command." );
data/bwbasic-2.20pl2/bwb_cmd.c:840:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:844:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xend(): entered funtion" );
data/bwbasic-2.20pl2/bwb_cmd.c:903:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:969:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:995:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_run(): no argument; begin at start.next" );
data/bwbasic-2.20pl2/bwb_cmd.c:1012:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( input = fopen( tbuf, "r" )) == NULL ) /* open file */
data/bwbasic-2.20pl2/bwb_cmd.c:1065:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_run(): ready to run starting at line %d",
data/bwbasic-2.20pl2/bwb_cmd.c:1082:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_run(): function complete." );
data/bwbasic-2.20pl2/bwb_cmd.c:1243:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xload(): Missing filespec" );
data/bwbasic-2.20pl2/bwb_cmd.c:1256:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwb_cmd.c:1291:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[ MAXARGSIZE ];
data/bwbasic-2.20pl2/bwb_cmd.c:1295:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_save(): entered function." );
data/bwbasic-2.20pl2/bwb_cmd.c:1320:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_save(): Missing filespec" );
data/bwbasic-2.20pl2/bwb_cmd.c:1333:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( outfile = fopen( filename, "w" )) == NULL )
data/bwbasic-2.20pl2/bwb_cmd.c:1430:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xlist(): LBUFFER sequence is %d-%d", s, e );
data/bwbasic-2.20pl2/bwb_cmd.c:1456:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xlist(): start line number is <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:1484:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xlist(): end line number is <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:1500:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xlist(): line sequence is <%d-%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:1513:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xlist(): start == end" );
data/bwbasic-2.20pl2/bwb_cmd.c:1550:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:1616:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_delete(): LBUFFER sequence is %d-%d", s, e );
data/bwbasic-2.20pl2/bwb_cmd.c:1643:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_delete(): start line number is <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:1673:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_delete(): end line number is <%d>",
data/bwbasic-2.20pl2/bwb_cmd.c:1699:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_delete(): deleting line %d",
data/bwbasic-2.20pl2/bwb_cmd.c:1895:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:1898:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_onerror(): entered function" );
data/bwbasic-2.20pl2/bwb_cmd.c:1912:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_onerror(): GOSUB statement missing" );
data/bwbasic-2.20pl2/bwb_cmd.c:2034:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_randomize(): argument is <%d>", n );
data/bwbasic-2.20pl2/bwb_cmd.c:2106:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:2107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cmd.c:2143:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_environ(): failed to find equal sign" );
data/bwbasic-2.20pl2/bwb_cmd.c:2216:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:124:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_if(): recursive call, l = &gline" );
data/bwbasic-2.20pl2/bwb_cnd.c:135:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_if(): line <%d> condition returns <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:159:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_if(): found multi-line IF statement, line <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:217:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_if(): expression is TRUE" );
data/bwbasic-2.20pl2/bwb_cnd.c:224:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_if(): IF without THEN" );
data/bwbasic-2.20pl2/bwb_cnd.c:241:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
glnumber = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_cnd.c:244:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Detected THEN followed by line number <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:273:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_if(): expression is FALSE" );
data/bwbasic-2.20pl2/bwb_cnd.c:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:354:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in cnd_thenels(): THEN found at position <%d>.",
data/bwbasic-2.20pl2/bwb_cnd.c:367:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in cnd_thenels(): ELSE found at position <%d>.",
data/bwbasic-2.20pl2/bwb_cnd.c:382:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in cnd_thenels(): return: end of string" );
data/bwbasic-2.20pl2/bwb_cnd.c:446:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_else(): entered function" );
data/bwbasic-2.20pl2/bwb_cnd.c:476:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_else(): no EXEC_IFTRUE or EXEC_IFFALSE" );
data/bwbasic-2.20pl2/bwb_cnd.c:498:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_else(): ELSE without IF" );
data/bwbasic-2.20pl2/bwb_cnd.c:533:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_elseif(): entered function" );
data/bwbasic-2.20pl2/bwb_cnd.c:589:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_elseif(): ELSEIF without IF" );
data/bwbasic-2.20pl2/bwb_cnd.c:625:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_endif(): entered function" );
data/bwbasic-2.20pl2/bwb_cnd.c:633:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_endif(): END IF without IF" );
data/bwbasic-2.20pl2/bwb_cnd.c:695:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_endif(): found IF at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:706:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_endif(): found END IF at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:734:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Multiline IF without END IF" );
data/bwbasic-2.20pl2/bwb_cnd.c:763:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1];
data/bwbasic-2.20pl2/bwb_cnd.c:804:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:808:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_select(): entered function" );
data/bwbasic-2.20pl2/bwb_cnd.c:819:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "SELECT without CASE" );
data/bwbasic-2.20pl2/bwb_cnd.c:838:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &( CURTASK excs[ CURTASK exsc ].expression ), e,
data/bwbasic-2.20pl2/bwb_cnd.c:884:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:889:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf1[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:890:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf2[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:893:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): entered function" );
data/bwbasic-2.20pl2/bwb_cnd.c:902:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): exit EXEC_SELTRUE" );
data/bwbasic-2.20pl2/bwb_cnd.c:929:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): execute CASE ELSE" );
data/bwbasic-2.20pl2/bwb_cnd.c:940:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &minvalue, minval, sizeof( struct exp_ese ) );
data/bwbasic-2.20pl2/bwb_cnd.c:960:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): string comparison returns TRUE" );
data/bwbasic-2.20pl2/bwb_cnd.c:974:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): string comparison returns FALSE" );
data/bwbasic-2.20pl2/bwb_cnd.c:1000:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "CASE has inexplicable code following expression" );
data/bwbasic-2.20pl2/bwb_cnd.c:1024:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): evaluation returns TRUE" );
data/bwbasic-2.20pl2/bwb_cnd.c:1040:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_case(): evaluation returns FALSE" );
data/bwbasic-2.20pl2/bwb_cnd.c:1068:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:1144:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in case_eval(): n <%f> min <%f> max <%f>",
data/bwbasic-2.20pl2/bwb_cnd.c:1206:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_case(): found SELECT at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1217:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_endif(): found END SELECT at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1233:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_case(): found CASE at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1247:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "SELECT without CASE" );
data/bwbasic-2.20pl2/bwb_cnd.c:1302:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_case(): found SELECT at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1313:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_endif(): found END SELECT at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1327:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "SELECT without END SELECT" );
data/bwbasic-2.20pl2/bwb_cnd.c:1356:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1];
data/bwbasic-2.20pl2/bwb_cnd.c:1399:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_endselect(): entered function" );
data/bwbasic-2.20pl2/bwb_cnd.c:1407:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_endselect(): END SELECT without SELECT" );
data/bwbasic-2.20pl2/bwb_cnd.c:1483:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_while(): initialize WHILE loop, line <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:1492:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_while(): return to WHILE loop, line <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:1555:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_wend(): exec stack code != EXEC_WHILE" );
data/bwbasic-2.20pl2/bwb_cnd.c:1565:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_wend(): exec stack while_line == NULL" );
data/bwbasic-2.20pl2/bwb_cnd.c:1575:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_wend() return to line <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:1632:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_wend(): found WHILE at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1643:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_wend(): found WEND at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1657:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_wend(): WHILE without WEND" );
data/bwbasic-2.20pl2/bwb_cnd.c:1714:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_loop(): found DO at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1725:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnd_loop(): found LOOP at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:1739:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_loop(): DO without LOOP" );
data/bwbasic-2.20pl2/bwb_cnd.c:1781:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:1831:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "FOR statement without TO" );
data/bwbasic-2.20pl2/bwb_cnd.c:1862:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_for(): initial value <%d> pos <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:1915:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_for(): target value <%d> pos <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:1955:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_for(): step value <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:1983:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_for(): setting code to EXEC_FOR",
data/bwbasic-2.20pl2/bwb_cnd.c:1991:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_for(): ready to exit, position <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:2022:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:2026:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_next(): entered function, cmdnum <%d> exsc level <%d> code <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:2036:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_next(): NEXT without FOR; code is <%d> instead of <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:2094:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_next(): end of loop" );
data/bwbasic-2.20pl2/bwb_cnd.c:2115:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_next(): end of loop" );
data/bwbasic-2.20pl2/bwb_cnd.c:2131:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_next(): resetting code to EXEC_FOR",
data/bwbasic-2.20pl2/bwb_cnd.c:2182:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exitfor(): entered subroutine" );
data/bwbasic-2.20pl2/bwb_cnd.c:2208:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exitfor(): EXIT FOR without FOR" );
data/bwbasic-2.20pl2/bwb_cnd.c:2219:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exitfor(): level found is <%d>, current <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:2286:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_next(): found FOR at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:2297:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_next(): found NEXT at line %d, level %d",
data/bwbasic-2.20pl2/bwb_cnd.c:2306:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_next(): found returning line <%d>",
data/bwbasic-2.20pl2/bwb_cnd.c:2318:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "FOR without NEXT" );
data/bwbasic-2.20pl2/bwb_cnd.c:2354:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_cnd.c:2386:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in cnd_tostep(): TO found at position <%d>.",
data/bwbasic-2.20pl2/bwb_cnd.c:2397:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in cnd_tostep(): STEP found at position <%d>.",
data/bwbasic-2.20pl2/bwb_dio.c:93:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:154:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): syntax 1, req dev number is %d",
data/bwbasic-2.20pl2/bwb_dio.c:208:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): syntax 1, record length is %d",
data/bwbasic-2.20pl2/bwb_dio.c:245:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): invalid mode" );
data/bwbasic-2.20pl2/bwb_dio.c:253:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): syntax 1, mode is %d", mode );
data/bwbasic-2.20pl2/bwb_dio.c:318:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): syntax 2, mode is %d", mode );
data/bwbasic-2.20pl2/bwb_dio.c:367:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): syntax 2, req dev number is %d",
data/bwbasic-2.20pl2/bwb_dio.c:409:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): syntax 2, record length is %d",
data/bwbasic-2.20pl2/bwb_dio.c:433:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): using previously closed file (and buffer)" );
data/bwbasic-2.20pl2/bwb_dio.c:470:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( devname, "w" );
data/bwbasic-2.20pl2/bwb_dio.c:473:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( devname, "r" );
data/bwbasic-2.20pl2/bwb_dio.c:476:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( devname, "a" );
data/bwbasic-2.20pl2/bwb_dio.c:479:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( devname, "r+" );
data/bwbasic-2.20pl2/bwb_dio.c:482:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( devname, "w" );
data/bwbasic-2.20pl2/bwb_dio.c:484:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( devname, "r+" );
data/bwbasic-2.20pl2/bwb_dio.c:537:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): allocated new random-access buffer" );
data/bwbasic-2.20pl2/bwb_dio.c:544:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_open(): file is open now; end of function" );
data/bwbasic-2.20pl2/bwb_dio.c:574:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:636:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_close(): requested device number <%d>",
data/bwbasic-2.20pl2/bwb_dio.c:666:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_close(): closing device# <%d>",
data/bwbasic-2.20pl2/bwb_dio.c:1191:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:1226:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_field(): device <%d>", dev_number );
data/bwbasic-2.20pl2/bwb_dio.c:1438:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:1456:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dio_lrset(): failed to find variable" );
data/bwbasic-2.20pl2/bwb_dio.c:1466:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dio_lrset(): assignment must be to string variable" );
data/bwbasic-2.20pl2/bwb_dio.c:1513:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dio_lrset(): failed to find equal sign" );
data/bwbasic-2.20pl2/bwb_dio.c:1539:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dio_lrset(): startpos <%d> buffer <%lX>",
data/bwbasic-2.20pl2/bwb_dio.c:1583:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:1612:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_get(): device <%d>", dev_number );
data/bwbasic-2.20pl2/bwb_dio.c:1652:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_get(): record number <%d>", rec_number );
data/bwbasic-2.20pl2/bwb_dio.c:1664:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_get(): fseek() failed, rec number <%d> offset <%ld>",
data/bwbasic-2.20pl2/bwb_dio.c:1715:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_dio.c:1746:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_put(): device <%d>", dev_number );
data/bwbasic-2.20pl2/bwb_dio.c:1783:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_put(): return type <%c>", e->type );
data/bwbasic-2.20pl2/bwb_dio.c:1797:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_put(): record number <%d>", rec_number );
data/bwbasic-2.20pl2/bwb_dio.c:1809:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_get(): fseek() failed, rec number <%d> offset <%ld>",
data/bwbasic-2.20pl2/bwb_dio.c:1819:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_put(): ready to write to file, buffer <%lXh>",
data/bwbasic-2.20pl2/bwb_dio.c:1840:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_put(): write to file complete" );
data/bwbasic-2.20pl2/bwb_dio.c:1879:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dio_flush(): only random-access buffers can be flushed" );
data/bwbasic-2.20pl2/bwb_elx.c:278:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Recursion error in bwb_exp.c:exp_findop(): recursion violation." );
data/bwbasic-2.20pl2/bwb_elx.c:293:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( mantissa.name, "(mantissa)" );
data/bwbasic-2.20pl2/bwb_elx.c:490:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_numconst(): integer bounds violated, promote to NUMBER" );
data/bwbasic-2.20pl2/bwb_elx.c:569:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_numconst(): exponent is <%d>",
data/bwbasic-2.20pl2/bwb_elx.c:698:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_numconst(): exit level <%d> precision <%c> value <%lf>",
data/bwbasic-2.20pl2/bwb_elx.c:741:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_elx.c:811:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): found begin parenthesis." );
data/bwbasic-2.20pl2/bwb_elx.c:852:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_elx.c:906:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_elx.c:915:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_elx.c:925:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_elx.c:935:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_elx.c:1014:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): new char <%d>=<%c>",
data/bwbasic-2.20pl2/bwb_elx.c:1032:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): ready to call function vector" );
data/bwbasic-2.20pl2/bwb_elx.c:1039:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): calling preset function" );
data/bwbasic-2.20pl2/bwb_elx.c:1095:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): return from function vector, type <%c>",
data/bwbasic-2.20pl2/bwb_elx.c:1110:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): ready to assign STRING" );
data/bwbasic-2.20pl2/bwb_elx.c:1132:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_function(): end of function" );
data/bwbasic-2.20pl2/bwb_elx.c:1168:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_variable(): entered function." );
data/bwbasic-2.20pl2/bwb_exp.c:157:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): exp_findop() returned <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:203:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): operator detected." );
data/bwbasic-2.20pl2/bwb_exp.c:228:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): equal sign detected." );
data/bwbasic-2.20pl2/bwb_exp.c:250:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): return from exp_numconst(), r = <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:293:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp.c:bwb_exp(): unidentified operation (%d).",
data/bwbasic-2.20pl2/bwb_exp.c:308:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): advanced position; r <%d> err_c <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:316:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): with OP_EQUALS: finished case" );
data/bwbasic-2.20pl2/bwb_exp.c:357:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): increment esc, r <%d>, err_c <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:368:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): found r == OP_ERROR." );
data/bwbasic-2.20pl2/bwb_exp.c:382:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): breakout from main parsing loop, r <%d> err_c <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:393:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "error detected in expression parser" );
data/bwbasic-2.20pl2/bwb_exp.c:433:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): OP_STRJOIN in wrong position." );
data/bwbasic-2.20pl2/bwb_exp.c:442:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): incomplete expression." );
data/bwbasic-2.20pl2/bwb_exp.c:453:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): before dec_esc type is <%c>",
data/bwbasic-2.20pl2/bwb_exp.c:475:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exp(): exit stack level (%d) does not match entry stack level (%d)",
data/bwbasic-2.20pl2/bwb_exp.c:512:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[ MAXSTRINGSIZE + 1 ]; /* capitalized expression */
data/bwbasic-2.20pl2/bwb_exp.c:513:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[ MAXSTRINGSIZE + 1 ]; /* non-capitalized expression */
data/bwbasic-2.20pl2/bwb_exp.c:582:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_findop(): rval pos 1 is <%d>", rval );
data/bwbasic-2.20pl2/bwb_exp.c:604:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_findop() loop position <%d> char 0x%x",
data/bwbasic-2.20pl2/bwb_exp.c:715:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1 ]; /* JBV */
data/bwbasic-2.20pl2/bwb_exp.c:745:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_isnc(): previous function is a number or string" );
data/bwbasic-2.20pl2/bwb_exp.c:955:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwb_exp.c:1287:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_getnval(): operation <%d> is not a number",
data/bwbasic-2.20pl2/bwb_exp.c:1304:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_getnval(): type is <%c>",
data/bwbasic-2.20pl2/bwb_exp.c:1340:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( b.name, "<exp_getsval() bstring>" );
data/bwbasic-2.20pl2/bwb_exp.c:1359:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "%lf ", (double) exp_getnval( e ) );
data/bwbasic-2.20pl2/bwb_exp.c:1364:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_getsval(): type <%c> inappropriate for NUMBER",
data/bwbasic-2.20pl2/bwb_exp.c:1378:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "%lf ", (double) exp_getnval( e ) );
data/bwbasic-2.20pl2/bwb_exp.c:1383:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_getsval(): type <%c> inappropriate for NUMBER",
data/bwbasic-2.20pl2/bwb_exp.c:1394:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_getsval(): operation <%d> inappropriate",
data/bwbasic-2.20pl2/bwb_exp.c:1428:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in inc_esc(): prev level <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:1438:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in inc_esc(): Maximum expression stack exceeded <%d>",
data/bwbasic-2.20pl2/bwb_exp.c:1448:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( CURTASK exps[ CURTASK expsc ].string, "New Expression Stack Level %d", CURTASK expsc );
data/bwbasic-2.20pl2/bwb_exp.c:1480:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dec_esc(): Expression stack counter < 0." );
data/bwbasic-2.20pl2/bwb_fnc.c:75:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( LOCALTASK fnc_start.name, "FNC_START" );
data/bwbasic-2.20pl2/bwb_fnc.c:78:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( LOCALTASK fnc_end.name, "FNC_END" );
data/bwbasic-2.20pl2/bwb_fnc.c:239:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char t_string[ 4 ];
data/bwbasic-2.20pl2/bwb_fnc.c:255:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function TAB().",
data/bwbasic-2.20pl2/bwb_fnc.c:267:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function TAB().",
data/bwbasic-2.20pl2/bwb_fnc.c:339:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, "%02d-%02d-%04d", lt->tm_mon + 1, lt->tm_mday,
data/bwbasic-2.20pl2/bwb_fnc.c:395:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, "%02d:%02d:%02d", lt->tm_hour, lt->tm_min,
data/bwbasic-2.20pl2/bwb_fnc.c:428:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:435:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_chr(): entered function, argc <%d>",
data/bwbasic-2.20pl2/bwb_fnc.c:447:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_chr(): entered function, initialized nvar" );
data/bwbasic-2.20pl2/bwb_fnc.c:457:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough arguments to function CHR$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:463:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function CHR$().",
data/bwbasic-2.20pl2/bwb_fnc.c:476:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_chr(): entered function, checkargs ok" );
data/bwbasic-2.20pl2/bwb_fnc.c:490:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_chr(): tbuf[ 0 ] is <%c>", tbuf[ 0 ] );
data/bwbasic-2.20pl2/bwb_fnc.c:547:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function LEN().",
data/bwbasic-2.20pl2/bwb_fnc.c:554:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function LEN().",
data/bwbasic-2.20pl2/bwb_fnc.c:684:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_string[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:686:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:702:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough arguments to function MID$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:709:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Two many arguments to function MID$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:785:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_string[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:803:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough arguments to function LEFT$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:810:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Two many arguments to function LEFT$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:872:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_string[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:874:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:890:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough arguments to function RIGHT$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:897:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Two many arguments to function RIGHT$()" );
data/bwbasic-2.20pl2/bwb_fnc.c:986:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function ASC().",
data/bwbasic-2.20pl2/bwb_fnc.c:993:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function ASC().",
data/bwbasic-2.20pl2/bwb_fnc.c:1008:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Argument to function ASC() must be a string." );
data/bwbasic-2.20pl2/bwb_fnc.c:1082:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function STRING$().",
data/bwbasic-2.20pl2/bwb_fnc.c:1089:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function STRING$().",
data/bwbasic-2.20pl2/bwb_fnc.c:1101:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( nvar.name, "(string$)!" );
data/bwbasic-2.20pl2/bwb_fnc.c:1120:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_string(): type <%c>, c <0x%x>=<%c>",
data/bwbasic-2.20pl2/bwb_fnc.c:1166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:1167:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ybuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:1182:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function INSTR().",
data/bwbasic-2.20pl2/bwb_fnc.c:1189:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function INSTR().",
data/bwbasic-2.20pl2/bwb_fnc.c:1313:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function SPACE$().",
data/bwbasic-2.20pl2/bwb_fnc.c:1325:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function SPACE$().",
data/bwbasic-2.20pl2/bwb_fnc.c:1393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:1394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_fnc.c:1411:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function ENVIRON$().",
data/bwbasic-2.20pl2/bwb_fnc.c:1418:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function ENVIRON$().",
data/bwbasic-2.20pl2/bwb_fnc.c:1567:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_loc(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_fnc.c:1575:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function LOC().",
data/bwbasic-2.20pl2/bwb_fnc.c:1586:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function LOC().",
data/bwbasic-2.20pl2/bwb_fnc.c:1646:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_loc(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_fnc.c:1654:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function EOF().",
data/bwbasic-2.20pl2/bwb_fnc.c:1665:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function EOF().",
data/bwbasic-2.20pl2/bwb_fnc.c:1751:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_lof(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_fnc.c:1759:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function LOF().",
data/bwbasic-2.20pl2/bwb_fnc.c:1770:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function LOF().",
data/bwbasic-2.20pl2/bwb_fnc.c:1868:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "TEST function: received %d arguments: \n", argc );
data/bwbasic-2.20pl2/bwb_inp.c:97:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:118:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_read() adv_loop char <%d> = <%c>",
data/bwbasic-2.20pl2/bwb_inp.c:144:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_read(): end of adv_loop <%d> main_loop <%d>",
data/bwbasic-2.20pl2/bwb_inp.c:370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:384:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_restore(): RESTORE w/ no argument " );
data/bwbasic-2.20pl2/bwb_inp.c:392:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_inp.c:395:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_restore(): line for restore is <%d>", n );
data/bwbasic-2.20pl2/bwb_inp.c:412:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "at line %d: Can't find line number for RESTORE.",
data/bwbasic-2.20pl2/bwb_inp.c:437:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "at line %d: Line %d is not a DATA statement.",
data/bwbasic-2.20pl2/bwb_inp.c:481:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:482:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pstring[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:485:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_input(): enter function" );
data/bwbasic-2.20pl2/bwb_inp.c:521:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_input(): requested device number <%d>",
data/bwbasic-2.20pl2/bwb_inp.c:656:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_input(): ready to get input line" );
data/bwbasic-2.20pl2/bwb_inp.c:705:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:757:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xinp(): expected quotation mark" );
data/bwbasic-2.20pl2/bwb_inp.c:988:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttbuf[ MAXSTRINGSIZE + 1 ]; /* build element */
data/bwbasic-2.20pl2/bwb_inp.c:989:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[ MAXSTRINGSIZE + 1 ]; /* build element */
data/bwbasic-2.20pl2/bwb_inp.c:1301:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Unexpected character in numerical constant." );
data/bwbasic-2.20pl2/bwb_inp.c:1347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:1348:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstring[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:1390:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_line(): file number requested <%d>", dev_no );
data/bwbasic-2.20pl2/bwb_inp.c:1506:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_inp.c:1512:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( mantissa.name, "(mantissa)" );
data/bwbasic-2.20pl2/bwb_inp.c:1707:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in inp_numconst(): integer bounds violated, promote to NUMBER" );
data/bwbasic-2.20pl2/bwb_inp.c:1784:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in inp_numconst(): exponent is <%d>",
data/bwbasic-2.20pl2/bwb_inp.c:1909:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in inp_numconst(): precision <%c> value <%lf>",
data/bwbasic-2.20pl2/bwb_int.c:395:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*lnum = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_int.c:484:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in line_start(): lnpos <%d> lnum <%d>",
data/bwbasic-2.20pl2/bwb_int.c:487:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in line_start(): cmdpos <%d> cmdnum <%d> startpos <%d>",
data/bwbasic-2.20pl2/bwb_int.c:586:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Incomplete string constant" );
data/bwbasic-2.20pl2/bwb_int.c:600:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in is_let(): implied LET found." );
data/bwbasic-2.20pl2/bwb_int.c:790:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*start = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_int.c:796:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*end = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_int.c:827:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*start = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_int.c:832:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*end = atoi( tbuf );
data/bwbasic-2.20pl2/bwb_int.c:856:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_int.c:963:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in is_eol(): character is <0x%x> = <%c>",
data/bwbasic-2.20pl2/bwb_mth.c:53:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char the_chars[ sizeof( int ) ];
data/bwbasic-2.20pl2/bwb_mth.c:59:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char the_chars[ sizeof( float) ];
data/bwbasic-2.20pl2/bwb_mth.c:65:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char the_chars[ sizeof( double ) ];
data/bwbasic-2.20pl2/bwb_mth.c:97:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_core(): entered function" );
data/bwbasic-2.20pl2/bwb_mth.c:116:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_core(): received f_arg <%f> nvar type <%c>",
data/bwbasic-2.20pl2/bwb_mth.c:131:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to core function.",
data/bwbasic-2.20pl2/bwb_mth.c:138:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to core function.",
data/bwbasic-2.20pl2/bwb_mth.c:154:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_core(): nvar type <%c>; calling findnval()",
data/bwbasic-2.20pl2/bwb_mth.c:254:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_abs(): entered function" );
data/bwbasic-2.20pl2/bwb_mth.c:273:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_abs(): received f_arg <%f> nvar type <%c>",
data/bwbasic-2.20pl2/bwb_mth.c:281:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function ABS().",
data/bwbasic-2.20pl2/bwb_mth.c:288:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function ABS().",
data/bwbasic-2.20pl2/bwb_mth.c:303:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_abs(): nvar type <%c>; calling finnval()",
data/bwbasic-2.20pl2/bwb_mth.c:394:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_atn(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:402:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function ATN().",
data/bwbasic-2.20pl2/bwb_mth.c:409:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function ATN().",
data/bwbasic-2.20pl2/bwb_mth.c:465:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_cos(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:473:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function COS().",
data/bwbasic-2.20pl2/bwb_mth.c:480:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function COS().",
data/bwbasic-2.20pl2/bwb_mth.c:536:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_log(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:544:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function LOG().",
data/bwbasic-2.20pl2/bwb_mth.c:551:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function LOG().",
data/bwbasic-2.20pl2/bwb_mth.c:606:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_sin(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:614:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function SIN().",
data/bwbasic-2.20pl2/bwb_mth.c:622:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function SIN().",
data/bwbasic-2.20pl2/bwb_mth.c:679:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_sqr(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:687:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function SQR().",
data/bwbasic-2.20pl2/bwb_mth.c:694:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function SQR().",
data/bwbasic-2.20pl2/bwb_mth.c:750:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_tan(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:758:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function TAN().",
data/bwbasic-2.20pl2/bwb_mth.c:765:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function TAN().",
data/bwbasic-2.20pl2/bwb_mth.c:825:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_sgn(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:833:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function SGN().",
data/bwbasic-2.20pl2/bwb_mth.c:840:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function SGN().",
data/bwbasic-2.20pl2/bwb_mth.c:908:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fnc_int(): received f_arg <%f> ",
data/bwbasic-2.20pl2/bwb_mth.c:916:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function INT().",
data/bwbasic-2.20pl2/bwb_mth.c:923:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function INT().",
data/bwbasic-2.20pl2/bwb_mth.c:980:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function EXP().",
data/bwbasic-2.20pl2/bwb_mth.c:988:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function EXP().",
data/bwbasic-2.20pl2/bwb_mth.c:1063:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough arguments to function VAL()" );
data/bwbasic-2.20pl2/bwb_mth.c:1069:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function VAL().",
data/bwbasic-2.20pl2/bwb_mth.c:1085:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Argument to function VAL() must be a string." );
data/bwbasic-2.20pl2/bwb_mth.c:1159:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function STR$().",
data/bwbasic-2.20pl2/bwb_mth.c:1166:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function STR$().",
data/bwbasic-2.20pl2/bwb_mth.c:1180:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, " %.*f", prn_precision( &( argv[ 0 ] ) ),
data/bwbasic-2.20pl2/bwb_mth.c:1242:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function HEX$().",
data/bwbasic-2.20pl2/bwb_mth.c:1249:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function HEX$().",
data/bwbasic-2.20pl2/bwb_mth.c:1263:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, "%X", (int) trnc_int( (bnumber) var_getnval( &( argv[ 0 ] )) ) );
data/bwbasic-2.20pl2/bwb_mth.c:1319:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function OCT$().",
data/bwbasic-2.20pl2/bwb_mth.c:1326:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function OCT$().",
data/bwbasic-2.20pl2/bwb_mth.c:1342:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, "%o", (int) trnc_int( (bnumber) var_getnval( &( argv[ 0 ] )) ) );
data/bwbasic-2.20pl2/bwb_mth.c:1376:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ sizeof( int ) ];
data/bwbasic-2.20pl2/bwb_mth.c:1390:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function MKI$().",
data/bwbasic-2.20pl2/bwb_mth.c:1397:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function MKI$().",
data/bwbasic-2.20pl2/bwb_mth.c:1455:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ sizeof ( double ) ];
data/bwbasic-2.20pl2/bwb_mth.c:1469:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function MKD$().",
data/bwbasic-2.20pl2/bwb_mth.c:1476:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function MKD$().",
data/bwbasic-2.20pl2/bwb_mth.c:1533:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ 5 ];
data/bwbasic-2.20pl2/bwb_mth.c:1548:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function MKS$().",
data/bwbasic-2.20pl2/bwb_mth.c:1555:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function MKS$().",
data/bwbasic-2.20pl2/bwb_mth.c:1633:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function CVI().",
data/bwbasic-2.20pl2/bwb_mth.c:1640:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function CVI().",
data/bwbasic-2.20pl2/bwb_mth.c:1710:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function CVD().",
data/bwbasic-2.20pl2/bwb_mth.c:1717:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function CVD().",
data/bwbasic-2.20pl2/bwb_mth.c:1788:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function CVS().",
data/bwbasic-2.20pl2/bwb_mth.c:1795:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function CVS().",
data/bwbasic-2.20pl2/bwb_mth.c:1871:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function CINT().",
data/bwbasic-2.20pl2/bwb_mth.c:1878:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function CINT().",
data/bwbasic-2.20pl2/bwb_mth.c:1937:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Not enough parameters (%d) to function CINT().",
data/bwbasic-2.20pl2/bwb_mth.c:1944:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Too many parameters (%d) to function CINT().",
data/bwbasic-2.20pl2/bwb_ops.c:118:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_operation(): entered function." );
data/bwbasic-2.20pl2/bwb_ops.c:157:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_operation(): level <%d> operation <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:176:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_operation() first increment op_level to <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:187:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_operation() further increment op_level to <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:230:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "exp_operation(): failed to set precision." );
data/bwbasic-2.20pl2/bwb_ops.c:243:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_oplevel(): level <%d>, precision <%c>",
data/bwbasic-2.20pl2/bwb_ops.c:328:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "PROGRAMMING ERROR: operator <%d> not (yet) supported.", CURTASK exps[ level ].operation );
data/bwbasic-2.20pl2/bwb_ops.c:380:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_isoperator(): no match found for operation <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:425:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_add(): Type mismatch in string addition." );
data/bwbasic-2.20pl2/bwb_ops.c:439:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_add(): try exp_getsval(), level <%d> op <%d> type <%c>:",
data/bwbasic-2.20pl2/bwb_ops.c:443:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_add(): try exp_getsval(), level <%d> op <%d> type <%c>:",
data/bwbasic-2.20pl2/bwb_ops.c:447:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_add(): string addition, exp_getsval()s completed" );
data/bwbasic-2.20pl2/bwb_ops.c:462:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_add(): str_cat() returns <%d>-byte string to level <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:484:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_add() returns with operation <%d> type <%c>",
data/bwbasic-2.20pl2/bwb_ops.c:525:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be subtracted." );
data/bwbasic-2.20pl2/bwb_ops.c:582:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be multiplied." );
data/bwbasic-2.20pl2/bwb_ops.c:639:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be divided." );
data/bwbasic-2.20pl2/bwb_ops.c:654:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Divide by 0." );
data/bwbasic-2.20pl2/bwb_ops.c:707:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_assign(): Assignment must be to variable: level -1 <%d> op <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:717:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_assign(): entered function level <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:735:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_assign(): try exp_getsval(), level <%d> op <%d> type <%c>:",
data/bwbasic-2.20pl2/bwb_ops.c:739:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_assign(): try exp_getsval(), level <%d> op <%d> type <%c>:",
data/bwbasic-2.20pl2/bwb_ops.c:743:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_assign(): string addition, exp_getsval()s completed" );
data/bwbasic-2.20pl2/bwb_ops.c:760:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_assign(): Variable before assignment operator has unidentified type." );
data/bwbasic-2.20pl2/bwb_ops.c:819:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_equals(): Type mismatch in string comparison." );
data/bwbasic-2.20pl2/bwb_ops.c:915:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Type mismatch in string comparison." );
data/bwbasic-2.20pl2/bwb_ops.c:1004:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Type mismatch in string comparison." );
data/bwbasic-2.20pl2/bwb_ops.c:1093:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Type mismatch in string comparison." );
data/bwbasic-2.20pl2/bwb_ops.c:1182:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Type mismatch in string comparison." );
data/bwbasic-2.20pl2/bwb_ops.c:1270:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Type mismatch in string comparison." );
data/bwbasic-2.20pl2/bwb_ops.c:1354:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be divided." );
data/bwbasic-2.20pl2/bwb_ops.c:1369:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Divide by 0." );
data/bwbasic-2.20pl2/bwb_ops.c:1423:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_exponent(): entered function level <%d>.",
data/bwbasic-2.20pl2/bwb_ops.c:1436:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be taken as exponents." );
data/bwbasic-2.20pl2/bwb_ops.c:1494:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be divided." );
data/bwbasic-2.20pl2/bwb_ops.c:1509:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Divide by 0." );
data/bwbasic-2.20pl2/bwb_ops.c:1564:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be compared logically." );
data/bwbasic-2.20pl2/bwb_ops.c:1622:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be compared logically." );
data/bwbasic-2.20pl2/bwb_ops.c:1680:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be compared logically." );
data/bwbasic-2.20pl2/bwb_ops.c:1691:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_not(): argument is <%d>, precision <%c>",
data/bwbasic-2.20pl2/bwb_ops.c:1700:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_not(): result is <%d>, precision <%c>",
data/bwbasic-2.20pl2/bwb_ops.c:1718:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_not(): CURTASK expsc <%d>, level <%d> result <%d>",
data/bwbasic-2.20pl2/bwb_ops.c:1755:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be compared logically." );
data/bwbasic-2.20pl2/bwb_ops.c:1814:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Strings cannot be compared logically." );
data/bwbasic-2.20pl2/bwb_ops.c:1825:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_negation(): argument is <%f>, precision <%c>",
data/bwbasic-2.20pl2/bwb_ops.c:1834:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_negation(): result is <%f>, precision <%c>",
data/bwbasic-2.20pl2/bwb_ops.c:1852:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_negation(): CURTASK expsc <%d>, level <%d> result <%f>",
data/bwbasic-2.20pl2/bwb_ops.c:1887:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_islevelstr(): string detected at level <%d>.",
data/bwbasic-2.20pl2/bwb_ops.c:1903:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_islevelstr(): string detected at level <%d>.",
data/bwbasic-2.20pl2/bwb_ops.c:1915:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_islevelstr(): string not detected at level <%d>.",
data/bwbasic-2.20pl2/bwb_ops.c:1988:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in op_pulldown(): pull down e stack <%d> place(s)",
data/bwbasic-2.20pl2/bwb_ops.c:2007:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &CURTASK exps[ level ], &CURTASK exps[ level + how_far ],
data/bwbasic-2.20pl2/bwb_par.c:67:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_newtask(): Slot requested is already in use" );
data/bwbasic-2.20pl2/bwb_prn.c:102:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_print(): enter function" );
data/bwbasic-2.20pl2/bwb_prn.c:187:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_print(): device number is <%d>",
data/bwbasic-2.20pl2/bwb_prn.c:244:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ]; /* JBV */
data/bwbasic-2.20pl2/bwb_prn.c:388:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xprint(): op <%d> type <%d>",
data/bwbasic-2.20pl2/bwb_prn.c:427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xprint(): format type <%d> width <%d>",
data/bwbasic-2.20pl2/bwb_prn.c:445:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf( output_string, "%.*s", format->width, element );
data/bwbasic-2.20pl2/bwb_prn.c:473:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output_string, "%+e", exp_getnval( e ) );
data/bwbasic-2.20pl2/bwb_prn.c:475:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output_string, "%e", exp_getnval( e ) );
data/bwbasic-2.20pl2/bwb_prn.c:484:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output_string, "%+*.*f",
data/bwbasic-2.20pl2/bwb_prn.c:488:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output_string, "%*.*f",
data/bwbasic-2.20pl2/bwb_prn.c:505:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output_string, "%*.*f",
data/bwbasic-2.20pl2/bwb_prn.c:582:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xprint(): get_prnfmt() returns unknown type <%c>",
data/bwbasic-2.20pl2/bwb_prn.c:607:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( prnbuf, " %.*lf", prn_precision( bwb_esetovar( e )),
data/bwbasic-2.20pl2/bwb_prn.c:610:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( prnbuf, " %.*f", prn_precision( bwb_esetovar( e )),
data/bwbasic-2.20pl2/bwb_prn.c:758:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in get_prnfmt(): found \\" );
data/bwbasic-2.20pl2/bwb_prn.c:882:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in prn_cr(): initial c is <%d>", c );
data/bwbasic-2.20pl2/bwb_prn.c:898:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in prn_cr(): backup: c is <%d>, char <%c>[0x%x]",
data/bwbasic-2.20pl2/bwb_prn.c:912:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in prn_cr(): breakout: c is <%d>, char <%c>[0x%x]",
data/bwbasic-2.20pl2/bwb_prn.c:925:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in prn_cr(): concluding <;> detected." );
data/bwbasic-2.20pl2/bwb_prn.c:1302:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in prn_precision(): fmod( %f, %f ) = %.12f",
data/bwbasic-2.20pl2/bwb_prn.c:1342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_prn.c:1377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_prn.c:1383:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_lerror(): entered function " );
data/bwbasic-2.20pl2/bwb_prn.c:1413:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_lerror(): error number is <%d> ", n );
data/bwbasic-2.20pl2/bwb_prn.c:1421:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Error number %d is out of range", n );
data/bwbasic-2.20pl2/bwb_prn.c:1456:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_prn.c:1500:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_width(): device number is <%d>",
data/bwbasic-2.20pl2/bwb_prn.c:1562:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ]; /* must be permanent */
data/bwbasic-2.20pl2/bwb_prn.c:1722:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_prn.c:1798:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_write(): device number is <%d>",
data/bwbasic-2.20pl2/bwb_prn.c:1856:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, " %.*lf", prn_precision( &nvar ),
data/bwbasic-2.20pl2/bwb_prn.c:1859:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, " %.*f", prn_precision( &nvar ),
data/bwbasic-2.20pl2/bwb_stc.c:112:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_scan(): beginning scan..." );
data/bwbasic-2.20pl2/bwb_stc.c:127:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_scan(): scanning line <%d>", current->number );
data/bwbasic-2.20pl2/bwb_stc.c:237:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:425:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:555:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:648:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:728:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in call_readargs(): detected end of argument list" );
data/bwbasic-2.20pl2/bwb_stc.c:826:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in call_readargs(): exiting function" );
data/bwbasic-2.20pl2/bwb_stc.c:1050:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:1122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:1129:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_sub(): entered function at exec level <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1143:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_sub(): found MAIN function at level 0" );
data/bwbasic-2.20pl2/bwb_stc.c:1161:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_sub(): found non-MAIN function at level 0" );
data/bwbasic-2.20pl2/bwb_stc.c:1177:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_sub(): SUB without CALL" );
data/bwbasic-2.20pl2/bwb_stc.c:1244:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_endsub(): found SUB at line %d, level %d",
data/bwbasic-2.20pl2/bwb_stc.c:1255:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in find_endsub(): found END SUB at line %d, level %d",
data/bwbasic-2.20pl2/bwb_stc.c:1270:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "SUB without END SUB" );
data/bwbasic-2.20pl2/bwb_stc.c:1300:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1];
data/bwbasic-2.20pl2/bwb_stc.c:1461:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_doloop(): initialize DO loop, line <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1470:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_doloop(): return to DO loop, line <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1500:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:1503:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loop(): entered subroutine" );
data/bwbasic-2.20pl2/bwb_stc.c:1521:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loop(): exec stack code != EXEC_DO" );
data/bwbasic-2.20pl2/bwb_stc.c:1531:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loop(): exec stack while_line == NULL" );
data/bwbasic-2.20pl2/bwb_stc.c:1549:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loop(): detected LOOP UNTIL" );
data/bwbasic-2.20pl2/bwb_stc.c:1565:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loop() return to line <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1602:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loopuntil(): entered subroutine" );
data/bwbasic-2.20pl2/bwb_stc.c:1626:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_loopuntil() return to line <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1661:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:1664:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exit(): entered subroutine" );
data/bwbasic-2.20pl2/bwb_stc.c:1675:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exit(): detected EXIT FOR" );
data/bwbasic-2.20pl2/bwb_stc.c:1688:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exit(): Nonsense or nothing following EXIT" );
data/bwbasic-2.20pl2/bwb_stc.c:1723:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exitdo(): entered subroutine" );
data/bwbasic-2.20pl2/bwb_stc.c:1750:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exitdo(): EXIT DO without DO" );
data/bwbasic-2.20pl2/bwb_stc.c:1761:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_exitdo(): level found is <%d>, current <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1866:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_etov(): mismatch src <%d> dst <%d>",
data/bwbasic-2.20pl2/bwb_stc.c:1948:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in fslt_addcallvar(): Maximum number of Function Args Exceeded" );
data/bwbasic-2.20pl2/bwb_stc.c:1981:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_stc.c:2076:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_ufnc(): found SINGLE-LINE function" );
data/bwbasic-2.20pl2/bwb_stc.c:2096:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_ufnc(): expression returns <%d>-byte string",
data/bwbasic-2.20pl2/bwb_stc.c:2102:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_ufnc(): expression returns number <%lf>",
data/bwbasic-2.20pl2/bwb_stc.c:2124:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_ufnc(): found MULTI-LINE function" );
data/bwbasic-2.20pl2/bwb_stc.c:2159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in exp_ufnc(): ready to assign <%d>-byte STRING",
data/bwbasic-2.20pl2/bwb_str.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_str.c:116:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in str_btob(): reallocating RAB" );
data/bwbasic-2.20pl2/bwb_str.c:235:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in str_ctob(): reallocating RAB" );
data/bwbasic-2.20pl2/bwb_str.c:296:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tbuf, "in str_btoc(): entry, b string length is <%d>",
data/bwbasic-2.20pl2/bwb_str.c:349:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_str.c:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_str.c:392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_str.c:393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_tbl.c:315:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *err_table[ N_ERRORS ] =
data/bwbasic-2.20pl2/bwb_var.c:81:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( LOCALTASK var_start.name, "<START>" );
data/bwbasic-2.20pl2/bwb_var.c:82:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( LOCALTASK var_end.name, "<END>" );
data/bwbasic-2.20pl2/bwb_var.c:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:282:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:697:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:698:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_string[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:712:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): MID$ command" );
data/bwbasic-2.20pl2/bwb_var.c:727:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): failed to find variable" );
data/bwbasic-2.20pl2/bwb_var.c:737:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): assignment must be to string variable" );
data/bwbasic-2.20pl2/bwb_var.c:788:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): startpos <%d> buffer <%lX>",
data/bwbasic-2.20pl2/bwb_var.c:807:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): destination string no. of chars out of range" );
data/bwbasic-2.20pl2/bwb_var.c:823:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): negative string length" );
data/bwbasic-2.20pl2/bwb_var.c:831:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): numchars <%d> target_terminate <%d>", numchars, target_terminate );
data/bwbasic-2.20pl2/bwb_var.c:850:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): assignment must be from string expression" );
data/bwbasic-2.20pl2/bwb_var.c:864:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): non-contiguous string created" );
data/bwbasic-2.20pl2/bwb_var.c:874:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_mid(): destination string start position out of range" );
data/bwbasic-2.20pl2/bwb_var.c:932:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vname[ 2 ];
data/bwbasic-2.20pl2/bwb_var.c:1274:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in var_find(): NULL variable name received\n" );
data/bwbasic-2.20pl2/bwb_var.c:1414:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in var_getnval(): type is <%d>=<%c>.",
data/bwbasic-2.20pl2/bwb_var.c:1454:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "%*f ", prn_precision( nvar ),
data/bwbasic-2.20pl2/bwb_var.c:1460:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in var_getsval(): type is <%d>=<%c>.",
data/bwbasic-2.20pl2/bwb_var.c:1499:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:1502:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): entered function." );
data/bwbasic-2.20pl2/bwb_var.c:1522:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): variable name is already used.",
data/bwbasic-2.20pl2/bwb_var.c:1615:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): array_sizes dim <%d> value <%d>",
data/bwbasic-2.20pl2/bwb_var.c:1647:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): array memory requires <%ld> units",
data/bwbasic-2.20pl2/bwb_var.c:1658:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): 1 STRING requires <%ld> bytes",
data/bwbasic-2.20pl2/bwb_var.c:1661:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): STRING array memory requires <%ld> bytes",
data/bwbasic-2.20pl2/bwb_var.c:1684:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): 1 DOUBLE requires <%ld> bytes",
data/bwbasic-2.20pl2/bwb_var.c:1687:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_dim(): DOUBLE array memory requires <%ld> bytes",
data/bwbasic-2.20pl2/bwb_var.c:1709:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in line %d: New variable has unrecognized type.",
data/bwbasic-2.20pl2/bwb_var.c:1801:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dim_unit(): return unit: <%ld>", (long) r );
data/bwbasic-2.20pl2/bwb_var.c:1808:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dim_unit(): unit value <%ld> exceeds array units <%ld>",
data/bwbasic-2.20pl2/bwb_var.c:1851:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:1912:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dim_getparams(): call bwb_exp() for last element" );
data/bwbasic-2.20pl2/bwb_var.c:1917:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dim_getparams(): return from bwb_exp() for last element" );
data/bwbasic-2.20pl2/bwb_var.c:1948:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dim_getparams(): call bwb_exp() for element (not last)" );
data/bwbasic-2.20pl2/bwb_var.c:1984:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in dim_getparams(): Parameter <%d>: <%d>",
data/bwbasic-2.20pl2/bwb_var.c:2023:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE ];
data/bwbasic-2.20pl2/bwb_var.c:2026:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_option(): entered function." );
data/bwbasic-2.20pl2/bwb_var.c:2035:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "at line %d: OPTION BASE must be called before DIM.",
data/bwbasic-2.20pl2/bwb_var.c:2078:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_option(): New value received is <%d>.", newval );
data/bwbasic-2.20pl2/bwb_var.c:2085:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "at line %d: value for OPTION BASE must be 1 or 0.",
data/bwbasic-2.20pl2/bwb_var.c:2170:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_var.c:2242:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf,
data/bwbasic-2.20pl2/bwb_var.c:2476:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( b->name, "bstring# %d", tnumber );
data/bwbasic-2.20pl2/bwb_var.c:2595:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwb_var.c:2612:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "NUMBER\tval: <%lf>\n", var_getnval( v ) );
data/bwbasic-2.20pl2/bwb_var.c:2615:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "NUMBER\tval: <%f>\n", var_getnval( v ) );
data/bwbasic-2.20pl2/bwb_var.c:2620:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "ERROR: type is <%c>", (char) v->type );
data/bwbasic-2.20pl2/bwbasic.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progfile[ MAXARGSIZE ]; /* program file */
data/bwbasic-2.20pl2/bwbasic.c:141:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "task structure: %ld bytes\n",
data/bwbasic-2.20pl2/bwbasic.c:255:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( CURTASK exps[ n ].sval.name, "<Exp stack bstring %d>", n );
data/bwbasic-2.20pl2/bwbasic.c:342:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( profile = fopen( PROFILENAME, "r" )) != NULL )
data/bwbasic-2.20pl2/bwbasic.c:373:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in main(): Ready to save jump MARKER" );
data/bwbasic-2.20pl2/bwbasic.c:391:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_init(): Return from jump MARKER, program run <%d>",
data/bwbasic-2.20pl2/bwbasic.c:415:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( input = fopen( CURTASK progfile, "r" )) == NULL ) /* JBV */
data/bwbasic-2.20pl2/bwbasic.c:417:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( CURTASK progfile, ".bas" );
data/bwbasic-2.20pl2/bwbasic.c:418:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( input = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwbasic.c:457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ]; /* JBV */
data/bwbasic-2.20pl2/bwbasic.c:460:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_interact(): ready to read from keyboard" );
data/bwbasic-2.20pl2/bwbasic.c:595:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): s_buffer initialized " );
data/bwbasic-2.20pl2/bwbasic.c:613:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): got memory." );
data/bwbasic-2.20pl2/bwbasic.c:632:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
l->number = atoi( s_buffer );
data/bwbasic-2.20pl2/bwbasic.c:635:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): line is numbered, number is <%d>",
data/bwbasic-2.20pl2/bwbasic.c:657:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): line is not numbered, using prev <%d>",
data/bwbasic-2.20pl2/bwbasic.c:686:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): writing to previous number <%d>",
data/bwbasic-2.20pl2/bwbasic.c:716:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): adding doubled number <%d>",
data/bwbasic-2.20pl2/bwbasic.c:767:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_ladd(): attempt to add line has failed" );
data/bwbasic-2.20pl2/bwbasic.c:806:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Exceeded maximum xtxt stack <%d>",
data/bwbasic-2.20pl2/bwbasic.c:825:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Null command line received." );
data/bwbasic-2.20pl2/bwbasic.c:842:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_xtxtline(): ready to get memory" );
data/bwbasic-2.20pl2/bwbasic.c:922:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_incexec(): incremented EXEC stack past max <%d>",
data/bwbasic-2.20pl2/bwbasic.c:964:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_decexec(): decremented EXEC stack past min <-1>" );
data/bwbasic-2.20pl2/bwbasic.c:1082:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_execline(): received line number <%d> < -1",
data/bwbasic-2.20pl2/bwbasic.c:1094:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_execline(): received line number <%d> > MAX <%d>",
data/bwbasic-2.20pl2/bwbasic.c:1115:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "[ %d ]", l->number );
data/bwbasic-2.20pl2/bwbasic.c:1120:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "[ %d ]", l->number );
data/bwbasic-2.20pl2/bwbasic.c:1150:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Enable MULTISEG_LINES for multi-segmented lines",
data/bwbasic-2.20pl2/bwbasic.c:1169:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_execline(): line <%d> is already marked",
data/bwbasic-2.20pl2/bwbasic.c:1237:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_execline(): detected end of line" );
data/bwbasic-2.20pl2/bwbasic.c:1251:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in bwb_execline(): exit setting line number <%d>",
data/bwbasic-2.20pl2/bwbasic.c:1313:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "in ln_asbuf(): stripped CRs" );
data/bwbasic-2.20pl2/bwbasic.c:1339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwbasic.c:1341:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ubuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwbasic.h:593:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MAXVARNAMESIZE + 1 ]; /* name for test purposes */
data/bwbasic-2.20pl2/bwbasic.h:601:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MAXVARNAMESIZE + 1 ]; /* name */
data/bwbasic-2.20pl2/bwbasic.h:642:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MAXVARNAMESIZE + 1 ]; /* name */
data/bwbasic-2.20pl2/bwbasic.h:658:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MAXCMDNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwbasic.h:677:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[ MAXFILENAMESIZE + 1 ];/* filename */
data/bwbasic-2.20pl2/bwbasic.h:691:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[ MAXSTRINGSIZE + 1 ]; /* string for writing */
data/bwbasic-2.20pl2/bwbasic.h:743:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progfile[ MAXARGSIZE ]; /* program file */
data/bwbasic-2.20pl2/bwbasic.h:769:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char progfile[ MAXARGSIZE ]; /* program file */
data/bwbasic-2.20pl2/bwbasic.h:811:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char err_gosubl[ MAXVARNAMESIZE + 1 ]; /* line for error GOSUB */
data/bwbasic-2.20pl2/bwbasic.h:812:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *err_table[ N_ERRORS ]; /* table of error messages */
data/bwbasic-2.20pl2/bwbasic.h:824:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol[ 8 ]; /* BASIC symbol for the operator */
data/bwbasic-2.20pl2/bwx_iqc.c:183:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ 2 ];
data/bwbasic-2.20pl2/bwx_iqc.c:204:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ]; /* this memory should be
data/bwbasic-2.20pl2/bwx_iqc.c:423:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:424:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edname[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:442:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwx_iqc.c:486:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:500:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwx_iqc.c:533:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:534:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finame[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:535:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argument[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:595:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_iqc.c:611:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Two many arguments to function INKEY$()" );
data/bwbasic-2.20pl2/bwx_iqc.c:730:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Setting text color to %d", color );
data/bwbasic-2.20pl2/bwx_iqc.c:737:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Set text color to %d", color );
data/bwbasic-2.20pl2/bwx_iqc.c:755:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Setting background color to %d", color );
data/bwbasic-2.20pl2/bwx_iqc.c:764:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Setting background color to %d\n", color );
data/bwbasic-2.20pl2/bwx_ncu.c:194:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ]; /* this memory should be
data/bwbasic-2.20pl2/bwx_ncu.c:406:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:407:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edname[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:436:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwx_ncu.c:480:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:505:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwx_ncu.c:538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finame[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:540:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argument[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:611:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_ncu.c:628:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Two many arguments to function INKEY$()" );
data/bwbasic-2.20pl2/bwx_ncu.c:750:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Setting text color to %d", fgcolor );
data/bwbasic-2.20pl2/bwx_ncu.c:756:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Set text color to %d", fgcolor );
data/bwbasic-2.20pl2/bwx_ncu.c:774:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Setting background color to %d", bgcolor );
data/bwbasic-2.20pl2/bwx_ncu.c:801:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bwb_ebuf, "Setting background color to %d\n", bgcolor );
data/bwbasic-2.20pl2/bwx_tty.c:204:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tbuf[ MAXSTRINGSIZE + 1 ]; /* this memory should be
data/bwbasic-2.20pl2/bwx_tty.c:421:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_tty.c:422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edname[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_tty.c:440:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwx_tty.c:482:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXSTRINGSIZE + 1 ];
data/bwbasic-2.20pl2/bwx_tty.c:496:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( ( loadfile = fopen( CURTASK progfile, "r" )) == NULL )
data/bwbasic-2.20pl2/bwx_tty.c:538:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_tty.c:539:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finame[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/bwx_tty.c:540:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argument[ MAXVARNAMESIZE + 1 ];
data/bwbasic-2.20pl2/renum.c:17:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstr[255];
data/bwbasic-2.20pl2/renum.c:26:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstr[255], sstr[255], f9str[255], s9str[255], tempstr[255];
data/bwbasic-2.20pl2/renum.c:40:27: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (strlen(pstr) == 0) strcpy(pstr, "0.doc");
data/bwbasic-2.20pl2/renum.c:42:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdin = fopen(pstr, "r");
data/bwbasic-2.20pl2/renum.c:50:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pstr, "editfl");
data/bwbasic-2.20pl2/renum.c:51:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdout = fopen(pstr, "w");
data/bwbasic-2.20pl2/renum.c:68:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(midstr2(pstr, 1, p));
data/bwbasic-2.20pl2/renum.c:132:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t = atoi(midstr2(pstr, 1, 1));
data/bwbasic-2.20pl2/renum.c:143:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f1 = atoi(midstr2(pstr, 1, p + temp*(p - c + 1)));
data/bwbasic-2.20pl2/renum.c:152:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(midstr2(pstr, c + 1, p + temp*(p - c1 + 1) - c));
data/bwbasic-2.20pl2/renum.c:161:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f8 = atoi(midstr2(pstr, c1 + 1, p + temp*(p - c + 1) - c1));
data/bwbasic-2.20pl2/renum.c:168:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
l = atoi(midstr1(pstr, c + 1));
data/bwbasic-2.20pl2/renum.c:273:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdin = fopen(f9str, "r");
data/bwbasic-2.20pl2/renum.c:289:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(midstr2(pstr, 1, b));
data/bwbasic-2.20pl2/renum.c:418:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(midstr2(pstr, p8, p9 - p8 + 1));
data/bwbasic-2.20pl2/renum.c:494:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tempstr[255];
data/bwbasic-2.20pl2/renum.c:508:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tempstr[255];
data/bwbasic-2.20pl2/renum.c:533:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rstr, "%d\0", sidx[m][1]);
data/bwbasic-2.20pl2/bwb_cmd.c:593:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( sbuf, varname, 6 );
data/bwbasic-2.20pl2/bwb_cmd.c:620:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp( tbuf, CMD_GOTO, (size_t) strlen( CMD_GOTO ) ) == 0 )
data/bwbasic-2.20pl2/bwb_cmd.c:624:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strncmp( tbuf, CMD_GOSUB, (size_t) strlen( CMD_GOSUB ) ) == 0 )
data/bwbasic-2.20pl2/bwb_cmd.c:913:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( tbuf ) == 0 )
data/bwbasic-2.20pl2/bwb_cmd.c:2165:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( tbuf, "=" );
data/bwbasic-2.20pl2/bwb_cnd.c:118:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_cnd.c:154:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tpos = then + strlen( CMD_THEN ) + 1;
data/bwbasic-2.20pl2/bwb_cnd.c:235:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tpos = then + strlen( CMD_THEN ) + 1;
data/bwbasic-2.20pl2/bwb_cnd.c:263:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->position = then + strlen( CMD_THEN ) + 1;
data/bwbasic-2.20pl2/bwb_cnd.c:279:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->position = els + strlen( CMD_ELSE ) + 1;
data/bwbasic-2.20pl2/bwb_cnd.c:350:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp( tbuf, CMD_THEN, (size_t) strlen( CMD_THEN ) ) == 0 )
data/bwbasic-2.20pl2/bwb_cnd.c:363:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strncmp( tbuf, CMD_ELSE, (size_t) strlen( CMD_ELSE ) ) == 0 )
data/bwbasic-2.20pl2/bwb_cnd.c:1786:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->position += strlen( tbuf );
data/bwbasic-2.20pl2/bwb_cnd.c:1874:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = strlen( l->buffer );
data/bwbasic-2.20pl2/bwb_cnd.c:1929:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( n = l->position; n < (int) strlen( l->buffer ); ++n )
data/bwbasic-2.20pl2/bwb_cnd.c:2049:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tbuf) != 0)
data/bwbasic-2.20pl2/bwb_cnd.c:2056:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->position += strlen( tbuf );
data/bwbasic-2.20pl2/bwb_cnd.c:2382:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp( tbuf, CMD_TO, (size_t) strlen( CMD_TO ) ) == 0 )
data/bwbasic-2.20pl2/bwb_cnd.c:2393:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strncmp( tbuf, CMD_STEP, (size_t) strlen( CMD_STEP ) ) == 0 )
data/bwbasic-2.20pl2/bwb_dio.c:379:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = l->position - strlen( atbuf );
data/bwbasic-2.20pl2/bwb_dio.c:613:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(atbuf) != 0) blanket_close = 0;
data/bwbasic-2.20pl2/bwb_dio.c:1679:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(char) fgetc( dev_table[ dev_number ].cfp );
data/bwbasic-2.20pl2/bwb_elx.c:793:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CURTASK exps[ CURTASK expsc ].pos_adv = strlen( CURTASK exps[ CURTASK expsc ].string );
data/bwbasic-2.20pl2/bwb_elx.c:1192:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen( CURTASK exps[ CURTASK expsc ].string );
data/bwbasic-2.20pl2/bwb_elx.c:1200:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen( v->name );
data/bwbasic-2.20pl2/bwb_exp.c:215:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CURTASK exps[ CURTASK expsc ].pos_adv = strlen( exp_ops[ c ].symbol );
data/bwbasic-2.20pl2/bwb_exp.c:771:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(expression) == 1) return OP_NEGATION;
data/bwbasic-2.20pl2/bwb_exp.c:773:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tbuf) != 0) return OP_NEGATION;
data/bwbasic-2.20pl2/bwb_exp.c:822:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size_t) strlen( exp_ops[ c ].symbol ) ) == 0 )
data/bwbasic-2.20pl2/bwb_exp.c:984:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_exp.c:1073:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( CURTASK exps[ CURTASK expsc ].string ) == 0 )
data/bwbasic-2.20pl2/bwb_fnc.c:128:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( buffer ) == 0 )
data/bwbasic-2.20pl2/bwb_fnc.c:570:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= (bnumber) strlen( tbuf );
data/bwbasic-2.20pl2/bwb_fnc.c:725:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( target_counter > (int) strlen( target_string ))
data/bwbasic-2.20pl2/bwb_fnc.c:912:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target_counter = strlen( target_string ) - (int) var_getnval( &( argv[ 1 ] ));
data/bwbasic-2.20pl2/bwb_fnc.c:1234:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( n = start_pos; n < (int) strlen( xbuf ); ++n )
data/bwbasic-2.20pl2/bwb_fnc.c:1236:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp( &( xbuf[ n ] ), ybuf, strlen( ybuf ) ) == 0 )
data/bwbasic-2.20pl2/bwb_fnc.c:1444:32: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if (getenv( tbuf ) != NULL) strncpy( tmp, getenv( tbuf ), sizeof(tmp)-1);
data/bwbasic-2.20pl2/bwb_inp.c:644:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pstring, tbuf, MAXSTRINGSIZE );
data/bwbasic-2.20pl2/bwb_inp.c:669:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_inp.c:907:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc( f );
data/bwbasic-2.20pl2/bwb_inp.c:1136:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( b ) == 0 )
data/bwbasic-2.20pl2/bwb_mth.c:106:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( nvar.name, "(core var)", MAXVARNAMESIZE );
data/bwbasic-2.20pl2/bwb_mth.c:263:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( nvar.name, "(abs var)", MAXVARNAMESIZE );
data/bwbasic-2.20pl2/bwb_mth.c:1097:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( tbuf ) != 0 ) /* JBV 1/97 (was == 0 with else) */
data/bwbasic-2.20pl2/bwb_prn.c:419:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( fs_pos > -1 ) && ( strlen( element ) > 0 ))
data/bwbasic-2.20pl2/bwb_prn.c:490:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen( output_string ); ++i )
data/bwbasic-2.20pl2/bwb_prn.c:497:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( output_string, "-" );
data/bwbasic-2.20pl2/bwb_prn.c:499:36: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else strcat( output_string, " " );
data/bwbasic-2.20pl2/bwb_prn.c:512:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen( output_string ); ++i )
data/bwbasic-2.20pl2/bwb_prn.c:522:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( dec_pos == -1 ) dec_pos = strlen( output_string );
data/bwbasic-2.20pl2/bwb_prn.c:524:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen( output_string ); ++i )
data/bwbasic-2.20pl2/bwb_prn.c:538:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&tbuf[ strlen( tbuf ) - strlen( output_string ) ] );
data/bwbasic-2.20pl2/bwb_prn.c:538:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&tbuf[ strlen( tbuf ) - strlen( output_string ) ] );
data/bwbasic-2.20pl2/bwb_prn.c:543:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen( output_string ); ++i )
data/bwbasic-2.20pl2/bwb_prn.c:565:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < strlen( output_string ); ++i )
data/bwbasic-2.20pl2/bwb_prn.c:597:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strlen( element ) > 0 )
data/bwbasic-2.20pl2/bwb_prn.c:635:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( fs_pos == -1 ) || ( strlen( element ) == 0 ))
data/bwbasic-2.20pl2/bwb_prn.c:651:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( fs_pos > -1 ) && ( strlen( element ) > 0 ))
data/bwbasic-2.20pl2/bwb_prn.c:1591:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( err_gosubl ) == 0 )
data/bwbasic-2.20pl2/bwb_stc.c:441:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tbuf[ strlen( tbuf ) - 1 ] = '\0';
data/bwbasic-2.20pl2/bwb_stc.c:447:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*position += strlen( tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:459:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( name = CALLOC( 1, strlen( tbuf ) + 1, "fslt_add" ) ) == NULL )
data/bwbasic-2.20pl2/bwb_stc.c:517:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_stc.c:595:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*position += strlen( tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:704:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
local_pos = *position + strlen( tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:716:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( tbuf ) == 0 )
data/bwbasic-2.20pl2/bwb_stc.c:807:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_stc.c:2019:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
position += strlen( tbuf );
data/bwbasic-2.20pl2/bwb_stc.c:2055:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_stc.c:2241:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_stc.c:2295:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( buffer[ strlen( buffer ) - 1 ] == ':' )
data/bwbasic-2.20pl2/bwb_str.c:220:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for ( i = 0; i < (int) strlen( buffer ); ++i )
data/bwbasic-2.20pl2/bwb_str.c:260:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->length = (unsigned int) strlen( buffer );
data/bwbasic-2.20pl2/bwb_var.c:860:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target_length = strlen( tbuf );
data/bwbasic-2.20pl2/bwb_var.c:881:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
source_length = strlen( source_string );
data/bwbasic-2.20pl2/bwb_var.c:1271:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( buffer ) == 0 )
data/bwbasic-2.20pl2/bwb_var.c:1299:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwb_var.c:1341:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
var_make( v, (int) v->name[ strlen( v->name ) - 1 ] );
data/bwbasic-2.20pl2/bwbasic.c:144:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwbasic.c:394:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwbasic.c:533:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (( feof( file ) == FALSE ) || ( strlen( read_line ) > 0 ))
data/bwbasic-2.20pl2/bwbasic.c:1210:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bwbasic-2.20pl2/bwbasic.c:1288:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( l->buffer = CALLOC( strlen( s ) + 2, sizeof( char ), "ln_asbuf") )
data/bwbasic-2.20pl2/renum.c:37:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strlen(pstr);
data/bwbasic-2.20pl2/renum.c:40:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pstr) == 0) strcpy(pstr, "0.doc");
data/bwbasic-2.20pl2/renum.c:64:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstr[strlen(pstr) - 1] = '\0';
data/bwbasic-2.20pl2/renum.c:123:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strlen(pstr);
data/bwbasic-2.20pl2/renum.c:128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pstr) == 0) break;
data/bwbasic-2.20pl2/renum.c:137:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pstr) == 0) skip = 1;
data/bwbasic-2.20pl2/renum.c:268:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strlen(pstr);
data/bwbasic-2.20pl2/renum.c:285:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstr[strlen(pstr) - 1] = '\0';
data/bwbasic-2.20pl2/renum.c:321:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (x9 = b; x9 <= strlen(pstr); x9++)
data/bwbasic-2.20pl2/renum.c:338:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (skip == 0) b1 = strlen(pstr);
data/bwbasic-2.20pl2/renum.c:355:22: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s9str, " ");
data/bwbasic-2.20pl2/renum.c:375:39: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (getout == 0) strcpy(s9str, ",");
data/bwbasic-2.20pl2/renum.c:426:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p9 == strlen(pstr))
data/bwbasic-2.20pl2/renum.c:444:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d9 = strlen(rstr) - (p9 - p8 + 1);
data/bwbasic-2.20pl2/renum.c:461:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b1 == strlen(pstr)) break;
data/bwbasic-2.20pl2/renum.c:514:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(endptr, "\0");
ANALYSIS SUMMARY:
Hits = 1172
Lines analyzed = 32388 in approximately 0.82 seconds (39665 lines/second)
Physical Source Lines of Code (SLOC) = 21016
Hits@level = [0] 42 [1] 100 [2] 693 [3] 3 [4] 375 [5] 1
Hits@level+ = [0+] 1214 [1+] 1172 [2+] 1072 [3+] 379 [4+] 376 [5+] 1
Hits/KSLOC@level+ = [0+] 57.7655 [1+] 55.767 [2+] 51.0088 [3+] 18.0339 [4+] 17.8911 [5+] 0.0475828
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.